Why GDPR Matters for Letting Managers
Letting managers process significant volumes of personal data — tenant applications, referencing information, financial records, maintenance histories, and landlord details. Under UK GDPR you are a data controller for this information.
Lawful Bases
Contract covers active tenancy management. Legal obligation covers Right to Rent checks and deposit protection. Legitimate interests covers pre-tenancy referencing. Consent is required for marketing communications.
Tenant Referencing
Inform applicants at application stage that referencing checks will be carried out and by whom. Sign Data Processing Agreements with referencing agencies. Retain unsuccessful applicant data for up to 6 months only.
Right to Rent Checks
Store identity document copies securely — encrypted digital storage or locked physical files. Retain for tenancy duration plus one year. Delete securely when the retention period expires.
Marketing and PECR
Email marketing requires prior consent or the soft opt-in for existing clients. Include unsubscribe mechanisms in every marketing email. Honour unsubscribe requests within 10 working days.
How Custodia Helps
Custodia's AI-powered compliance platform helps letting agencies stay on top of data protection obligations. Start your free trial.
Top comments (0)