Preparing for the General Data Protection Regulation in Social Housing

The General Data Protection Regulation (GDPR) will change the way tenant data is dealt with. From 25th May 2018, all organisations will need to ensure they comply with the new data protection legislation. At this stage the social housing sector needs to be aware of the changes and should start reviewing documentation, and whether processes will comply with the new requirements.

One new requirement is that of “accountability” – whereby organisations will need to show the way in which they are complying with data protection principles.

Requirements will change on key consent principles in the GDPR which will include:

  • Building customer trust and engagement.
  • Making sure that the consents you ask individuals for match your consent practices.
  • Offering individuals “genuine choice and control”.
  • Making statements of consent very clear and specific.
  • Being “granular” in the consent you’re asking for – a “blanket” consent under a generic statement isn’t good enough.
  • Naming the third parties who will rely on the consent.
  • Allowing people to withdraw their consent.
  • Keeping consent practices under review.

Emphasis of the principles is clear enough – manage personal information responsibility, make clear requests for what you require and offer people a genuine choice over whether to actually give their consent. A further aim of the GDPR is to prompt a cultural shift in the way that consent to sharing information is given. Consent should be separate from main terms and conditions, and it should require “clear affirmative action” from the individual giving it.