Skip to main content
Sign up to updates

The Information Commissioner’s Office (“ICO”) has recently issued a warning to all operators within the housing sector including landlords, licensors and agents to comply with GDPR requirements, or face the consequences.

Do you process data?
 As part of the property guardian application process, you will gather personal data about those applicants. That data helps you to decide whether the property guardian’s application has been successful. But did you know that anyone who processes data (which you are doing as part of the application process) has a legal responsibility to protect that information under data protection law?

What’s the issue?
Common complaints from tenants/licensees to the ICO relating to lack of data protection include:

  • Inaccurate recordkeeping which may lead to anxiety
  • Necessary repairs being refused due to a misunderstanding about data sharing
  • Concerns from residents who require extra support due to language barriers, health or additional needs or where there is a history of domestic abuse

The ICO’s complaints data suggests there is a lack of understanding about data protection law by some organisations in the UK housing sector.

Common issues
Common data protection issues that may arise through the property guardianship model include:

  • Inappropriate disclosures of personal information.
  • Failure to keep accurate records – including a need to train staff on the correct processes.
  • What personal data is necessary and appropriate to process? For example, when taking photos of a property guardian’s room during a routine inspection, or as evidence of items left behind after they have vacated (find out more about this in our article – What to do if a property guardian leaves items behind?) is there a risk of breaching data privacy?

What are the potential consequences of getting it wrong?
Property guardian providers must comply with GDPR law to avoid any breaches or fines. As well as potential regulatory fines issued, there could be potential reputational damages if you are “named and shamed” by the ICO, and/or if you have to pay compensation for data losses or illegal disclosure.

What next?
Safeguarding sensitive information is not only essential for maintaining compliance but also for fostering trust with your property guardians and employees.  Our Data Privacy expert, Penny Bygrave, recently shared some practical insight relating to data protection in the workplace, which may also be of interest – Data protection in the Workplace: 5 quick wins. Stay vigilant, stay secure!

We offer a range of GDPR support packages tailored to your needs, to find out more, please take a look at our Support for the DPO PackageIf you would like to discuss how best to approach GDPR compliance within your business please contact our Data Privacy team at


Greenwoods Legal LLP is a Limited Liability Partnership, registered in England, registered number OC306912. Our registered office is Queens House, 55-56 Lincoln’s Inn Fields, London, WC2A 3LJ. A list of the members’ names is available for inspection at our offices in Peterborough, Cambridge and London. Authorised and regulated by the Solicitors Regulation Authority, SRA number 401162. Details of the Solicitors’ Codes of Conduct can be found at All instructions accepted by Greenwoods Legal LLP are subject to our current Terms of Business. VAT Reg No: 161 9287 89.

    By completing and submitting this form, you consent to Greenwoods Legal LLP processing your personal data to provide you with the email update services you have selected and any other materials and information about our services that Greenwoods Legal LLP reasonably believes will be of interest to you. You are free to withdraw your consent at any time by emailing