From May 25th, when the EU’s General Data Protection Regulation (GDPR) comes into effect, your organisation must be able to prove it has a lawful reason for collecting and processing the personal data of tenants, employees and suppliers.
The GDPR states that organisations must meet one of the following conditions for the processing of personal data to be lawful. They are:
As Colin Sales, 3C Consultants’ Managing Director, explains in this video, the GDPR is more prescriptive as to how personal data should be processed.
For a housing associations, possible data subjects might include its employees, tenants, the relatives of tenants whose personal data is held by the landlord, and suppliers or outsourced contractors.
It’s not enough to know that your housing association meets one of the six conditions for processing personal data, says Colin. You will also need to document the lawful reason your organisation has for processing personal data and ensure it is explained in the association’s privacy notice. That privacy notice needs to be written in a way that’s easy to read and understand.
Your organisation should also take the opportunity ahead of the introduction of GDPR to review and if necessary update all your internal and external policies, procedures and documents that deal with or seek consent to process data to ensure they will be GDPR-compliant.
At the same time, staff should be trained, so they are aware of the legal basis your organisation will be relying on for GDPR.
If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.