Understanding the General Data Protection Regulation (GDPR): The General Data Protection Regulation (GDPR) compelled European Union companies to adhere to new data protection regulations, imposing penalties for non-compliance while permitting the secure use of relevant information.
The legislation delineates the processing of personal data, encompassing its collection, recording, storage, utilization, deletion, and more.
The Data Protection Act 2018: In the United Kingdom, GDPR was transposed into law through the Data Protection Act 2018. This Act elucidated the UK’s commitment to following EU regulations, emphasizing that personal data must be:
Personal data encompasses any information that can potentially identify an individual.
Introduction to UK-GDPR: After Brexit, the UK adopted GDPR into its legal framework, leading to the birth of UK-GDPR. While UK-GDPR resembles its EU counterpart in many aspects, it needs to be considered together with the Data Protection Act. UK-GDPR provides the specifics, while the Data Protection Act outlines its implementation.
Privacy and Electronic Communications Regulations: In addition to the UK’s data protection rules, the Privacy and Electronic Communications Regulations (PECR) address the use of data for marketing communications, covering emails, calls, text messages, and website cookies. They also address the security of retained data and its permissible sharing.
Exploring the “Consent” Rules: One key facet of these regulations concerns obtaining consent for using personal and contact information. For example, new contacts added to your database should consent to receiving marketing communications from your agency and to having their personal data shared with third parties.
UK-GDPR defines consent as freely given, specific, informed, unambiguous, and easy to withdraw. It must be presented as an “opt-in” choice, not “opt-out.”
An Insight into the Data Protection and Digital Information (No. 2) Bill: The Data Protection and Digital Information (No. 2) Bill will amend UK-GDPR, the Data Protection Act 2018, and PECR. The bill aims to simplify and update the existing data protection framework to reduce organizational burdens while maintaining high data protection standards.
Businesses already compliant with existing regulations are likely to remain compliant under this new bill. This legislation will enable businesses operating exclusively within the UK, without expansion plans into the EU, to adhere to simplified UK-specific laws.
Considerations for Letting Agents in Data Protection: Letting agents handle a substantial amount of personal information concerning both tenants and landlords. It is crucial to have a lawful basis for collecting such data. If you request additional information from tenants, ensure that there is a legitimate reason for doing so, and that it is relevant and necessary, such as for inclusion in the tenancy contract.
For any other purposes, like marketing services based on tenant preferences, obtaining consent is imperative, or the use should fall within the purview of “legitimate interest.” Each step of data collection should be justified. Once you possess this data, its security becomes paramount.
The information in this post is valid to the best of our knowledge on the date of posting. It is advised that you seek independent advice based on your individual circumstances.