Record Keeping and Data Protection

Landlords must have a sound record-keeping system. The landlord should keep a file for a property, and then each time a new tenancy is given to a new tenant, the landlord should place a new file into the property file. You could keep the exact structure for computer storage. 

Under the General Data Protection Regulations, landlords must register with the Information Commissioner's Office (ICO) on almost every occasion. Registration is required if personal information is processed on an electronic device, including mobile phones, tablets, and computers. Processing includes: storing, using and deleting data. Registration is straightforward and inexpensive.

To complete registration, visit the ICO website, where a quick and simple self-assessment tool establishes in a few easy steps if a fee is payable.

The General Data Protection Regulations significantly alter the way data controllers must operate. Firstly, if the processing is based on consent, consent to process data must be "opt-in", not "opt-out". This means they have to undertake some specific action to choose to allow their data to be processed. Secondly, consent is not the only lawful basis for processing data. There are four relevant lawful bases that are likely to affect lettings: consent, fulfilment of a contract, compliance with the law and legitimate interests of the data controller.

The new rules give more rights to the individual about whom you have data. The regulations include the right to be informed about what you will do with data:

• the right to access their information (you cannot charge a fee),
• the right to have errors corrected, the right to have their data erased (in some circumstances), and
• the right to restrict the reasons their data can be processed.

The first step in compliance is to understand what data you hold and on what basis you process it. Arranging a plumber for a repair may fall under the lawful basis of processing of contract fulfilment, and may not, therefore, need the tenant's consent. However, suppose you want to send a surveyor to value the property. In that case, this is not likely to be "contractual", so giving out the tenant's information would have to be based on processing, perhaps either the landlord's legitimate interest or consent.

Note that if the data controller provides the data to a third party, then a record must be made of this so that if the data is later updated, you know to whom the data was given and pass on the correct updated data. It would be best to ensure that any third party will be handling the data following GDPR and what they are and are not allowed to do with the data; this is referred to as a data processing agreement.

Many people store copies of tenancy agreements on their computers or in the 'cloud. ' Ensure any format they are being held in will still exist in many years (think 20 years plus). Although the average let is around 18 months, it is not unusual to see a tenant stay in a property for 10 - 20 years. If you needed the tenancy agreement for possession in 15 years, could you still open it? Is the cloud provider you were using still in business, then? It is always best to have a paper copy of essential things such as tenancy agreements.

Although there are no guarantees, suitable formats that should survive include PDF or JPEG (or JPG).

You should use a sound rent accounting system. There is nothing wrong with a simple spreadsheet such as Excel or Google Docs Spreadsheet, and other specialist software is also available but again, ensure longevity.