The GDPR stands for General Data Protection Regulation. It is a set of regulations adopted by the European Parliament, the Council of the European Union, and the European Commission designed to give European citizens greater control over their personal information. Essentially, it aims to streamline data protection regulations, creating a single framework that applies to both businesses and individuals across the continent. As a landlord, you need to know how to comply with GDPR to protect your data.
Plans to reform Europe’s data protection policies started in 2012 when the European Commission proposed to bring the continent up to speed and ‘fit’ for the digital age. The reforms were not unfounded, considering that countries across the globe are rapidly becoming connected through the internet.
After four years, the GDPR was finally approved by the European Parliament. It was enacted on May 25, 2018.
Why is protecting landlord data so important?
People’s lives revolve around data. From the social networking sites that they frequent to the online banking services that they use, almost every online service that people use involves the collection of personal information. A colossal amount of data such as names, addresses, phone numbers, credit card numbers, and more are gathered, analyzed, and stored every day.
It’s no secret that data breaches can happen. Cybercriminals or hackers can maliciously steal data that was never meant to be seen. Once the data falls into the wrong hands, damaging consequences such as the following can happen:
- Financial loss
- Reputational damage
- System downtime
- Lawsuits
- Permanent loss of data
Even established companies like Facebook and LinkedIn have experienced a data breach more than once — so, what’s preventing hackers from hacking into your data?
What types of landlord’s data does the GDPR protect?
Article 4 of the GDPR defines “personal data” as “information relating to an identified or identifiable natural person.” Simply put, the GDPR protects information that pertains to a particular person. But does this mean that the GDPR is applicable only when the information points directly to someone, hence making them “identifiable”?
Not quite. Since organizations and businesses collect a variety of information, not every piece of data that they store may automatically individuate someone. For instance, a business may require its customers to declare their occupation when they sign up on their website. Evidently, someone’s occupation isn’t unique to them. There may be thousands of persons who share the same job title.
Similarly, names aren’t always unique. The name ‘Jane Doe’ may not be considered personal data under the GDPR because there are other individuals who share the same name. However, when this single piece of data is used alongside other relevant information (e.g., addresses, phone numbers, etc.), then it may be sufficient to identify an individual.
As you can see, it can be tricky to determine whether a piece of data is considered “personal data” under the GDPR. It would be best to consult a property manager or an attorney who is adept in data protection regulations.
Generally, however, the following types of landlord and tenant data are protected by the GDPR:
- Basic information such as names, addresses, and telephone numbers
- Web data such as IP addresses and cookie data
- Data on one’s race or ethnicity
- Data on one’s sexual orientation
- Biometric data (e.g. fingerprints, typing cadence, etc.)
Which companies does the GDPR apply to?
Under the GDPR, organizations and businesses that retrieve personal data from customers from Europe or the European Economic Area (EEA) are legally obligated to keep their customers’ data secure.
If you’re wondering if the GDPR affects your rental business in the United States, the answer is yes. Any company, whether or not they are located in the EU, must comply with the GDPR. As long as your website collects and processes data from residents of the EU, you need to meet the GDPR’s conditions.
How to comply with GDPR to protect tenants’ data?
If you are collecting your customers’ data when they are signing up online using your website, you should know how to comply with GDPR. When processing personal information from clients from the EU and the EEA, your website must meet these conditions to comply with the GDPR:
#1 Update your privacy policy
The first step is to identify the kind of data that you will be collecting. In updating your privacy policy, you may want to be guided by the following questions:
- What type of data will be collected?
- Why will the data be collected?
- Where will the data be stored?
- How will the data be processed?
- Who has access to the data?
Once you’ve answered those questions and have provided a legal basis, you can update your privacy policy to explain why you need to collect your customer’s or client’s information in the first place.
If you’ve hired a property management company, you can ask their property managers for the exact information that your tenants will have to provide.
#2 Secure the data
Aside from identifying the type of data that you’ll be collecting, you should also create policies regarding how the data will be used and disposed of. If you’re self-managing consider conducting training sessions for your staff. This will enable them to understand when they can legally retrieve and release tenant data to protect tenant sensitive data. Additionally, make sure that your team knows what to do in the event of a data breach.
#3 Give control to your tenants
Your tenants, or your “data subjects”, should have complete control over their data. They should be able to:
- Retrieve their data from you
- Retrieve a copy of their data in digital file formats such as CSV
- Correct or update their data
- Request that you wipe their data
- Opt-out of your data collection
Before retrieving data from your tenants, you should always obtain their clear consent. Make sure that the tenant understands why you need their data. Consider looking into consent management platforms (CMPs) if you’re retrieving tenant data through a website.
Conclusion
Data protection is not just something that protects your rental business’s valuable files. It is a legal obligation that can be tricky to navigate. If you fail to protect your tenant’s data, you might permanently damage your reputation, lose significant revenue, and face long-drawn-out lawsuits should your tenant find themselves a victim of identity theft. Hope this article will help you learn how to comply with GDPR to protect your tenant’s data as well as yours.
Since it’s a complicated matter, you should consider hiring a property management firm that complies with data protection regulations. At Luxury Property Care, our property managers are well-aware of how important it is to safeguard your tenant’s data. By partnering with us, you can benefit from having 24/7 security and contingency plans should there be a data breach.
Contact us at (561) 944 – 2992 or leave us a message to learn more.