OpenRent has always been committed to the protection of personal data and we have a company culture of data protection by design. GDPR does not change this, but it is a good time to explain everything we do to protect your data.
Here we answer your top questions about OpenRent and GDPR, including what landlords need to do to be GDPR compliant.
In this guide:
- What OpenRent has done to be GDPR compliant
- What landlords need to do to be GDPR compliant
What have OpenRent done to ensure they’re compliant with GDPR?
We have taken the following steps to reassure our users that we are fully compliant with the latest legislation.
All employees have received updated training on data protection, our own internal processes and the amendments we’ve made to our policies and processes in light of GDPR.
Comprehensive review and audit
We have carried out a comprehensive review of our activities to identify the personal data we capture, store and process. These have been mapped and compiled into a Personal Data Inventory for our business, which is maintained by our Data Protection Officer. We have also reviewed our supplier contracts to ensure they are GDPR compliant.
We have taken legal advice to clarify our position as data controller and data processor across the range of activities we carry out, and the lawful basis on which we process personal data.
Data Protection Officer
We have appointed a Data Protection Officer to oversee compliance. You can contact them any time at email@example.com.
Subject access requests and communication
We have updated our Data Privacy Manual which governs, among other things, our policies concerning subject access requests, requests for account deletion and procedures relating to security issues and breaches.
In particular we have reviewed and strengthened our process to ensure we receive and respond to subject access requests appropriately, and our procedures for the detection, reporting and investigation of data breaches, including a data security breach plan in the event of a crisis.
What do landlords need to do to ensure they’re compliant with GDPR?
Landlords are controllers of personal data and need to be GDPR compliant. Specifically, this means it is recommended to take the following steps:
- Register with the Information Commissioner’s Office (ICO).
- Carry out a review of the personal data you capture, store and process. This will usually be personal data about tenants and guarantors, and your review should also consider who else you might share it with (e.g. with an engineer who will be attending your property).
- Following your review, provide tenants and guarantors with a privacy notice explaining what personal data about them you collect and how you use it. This should be given to tenants as soon as possible when they first contact you, as well as to any existing tenants.
- Anyone you share personal data with should have an agreement with you to clarify that they only use it for its intended purpose.
General Disclaimer and Legal Advice
We would point out that we are not providing legal advice. GDPR is a highly complex area and we do recommend that you seek legal counsel on how to comply with this new law and the related ePrivacy Directive (2003), which will soon be changed to what is known as the ePrivacy Regulation and could result in further changes to the way we all conduct our business in this sector.
If you have any questions, please do not hesitate to contact us here.