If you manage property assets have you considered that GDPR will apply to the information you hold relating to tenants?
Typically you will use and store tenants’ personal information and so will be legally required to comply with GDPR and you need to process and control this information in a transparent fashion, which includes explaining:
- What personal information you collect.
- Why you need their personal information.
- How you might use their personal information (including who the information might be shared with), and ensuring you only use it in that way (unless there are overriding legal precedents requiring the information).
- How long their personal information is retained for.
On a positive note GDPR is actually a good opportunity to take a look at how you’re organising tenancy documents in general and to improve your processes, making them more efficient and you may wish to issue an updated privacy notice. For more information on this topic click here for a recent article by DAC Beachcroft solicitors.
It is important to remember there is a risk of significant fines and penalties for any firms falling victim to a data breach and after a data breach, you will need to contact the Information Commissioner’s Office (ICO) within 72 hours, and, you will need a rapid plan of action for communicating to customers, suppliers and employees.
You are likely to incur costs for a combination of IT forensic investigation, legal assistance, communication logistics and, public relations and whilst risk management will help to prevent a cyber attack, even the best security does not always prevent an intrusion.
In the event that an incident does occur, cyber insurance provides a valuable safety net. Click here to learn more about Cyber Insurance.