How Does GDPR Apply to HMO Landlords?
GDPR, or General Data Protection Regulation, to give it its full name, applies to how consumers’ personal data is processed and collected.
Essentially, anybody holding or processing personal data must be compliant with GDPR legislation, and that includes HMO landlords in Kent.
As an HMO landlord, you collect, store, and use personal details about tenants, like their names, phone numbers, and email addresses. That means that you must ensure those details are:
- Used transparently, lawfully, and fairly.
- Only used for explicit and specified purposes.
- Only used in ways that are relevant, adequate, and necessary.
- Accurate and updated as necessary.
- Not kept for any longer than necessary.
- Handled in such a way to ensure proper security against unauthorised or unlawful processing, loss, damage, destruction, or access.
Storing and Processing HMO Tenants’ Information
The information you collect from your HMO tenants must be stored and processed transparently. You can do that by notifying your tenants about:
- Exactly what kind of personal details you collect about them.
- Why that information is needed.
- How the information may be used.
- Who else may potentially see that information.
- How long the information will be kept for.
How Can HMO Landlords Comply with GDPR Regulations?
There are several steps to take to ensure you are compliant with GDPR regulations:
- Keep evidence to prove your tenants have given you permission to hold their information. The best way to do this is to include a cause regarding GDPR in your HMO tenancy agreements or by asking for your tenants’ signature on a waiver.
- Only use their data for the original intended purpose, for example for deciding whether they are a suitable tenant for your property.
- Destroy the data when you no longer require it. Delete all emails that are electronically stored and don’t keep digital files containing the information.
How Can HMO Landlords Handle Data Securely?
Maintaining compliance is often daunting, but there are several actions to take to make sure you’re compliant with the GDPR regulations. These include:
- Using strong passwords on all devices containing personal tenant information.
- Limiting the number of people who can access and use those devices.
- Installing anti-virus software to prevent malware and hackers from accessing the devices.
- Disposing of documentation properly by shredding physical documents and deleting emails once the information is no longer required.
- Never releasing the details to anybody else except someone with consent.
Must HMO Landlords Use Privacy Notices?
All forms and documents used by HMO landlords that collect personal details must contain privacy policies explaining how, why, and the length of time the information is going to be stored and processed. In the policy, it should also be stated how the data will be used. You should also register your tenants’ personal information with the ICO.
What Does Unlawful Data Use Mean for HMO Landlords?
Using data lawfully means that you’re only using it to achieve an intended purpose. As an example, if your tenant’s referee sends information about them, you’re going to use it to determine whether they’re a suitable tenant for your property. However, if you then sell the information to another third party to be used commercially, that is unlawful use of the data. Landlords have no need to provide reference information to anybody else except a letting agent. Profiting from such information could cause you legal problems.
Simplifying GDPR For HMO Landlords
The HMO property management team here at Rooms in Kent understand how complex GDPR regulations can be for HMO landlords. That’s why we’re on hand to help.
When you choose us to manage your HMO property in Kent, we will manage GDPR compliance on your behalf, so you have one less thing to worry about.