Renters' Rights Act 2025, Phase 1 commencement
Transition readiness pack
England

England � UK GDPR � ICO Registration � Tenant Data

Landlord GDPR & Data Protection Guide UK 2026

GDPR obligations for landlords in England 2026: what personal data landlords collect, ICO registration, lawful basis for processing, data retention, tenant subject access requests, and fines for non-compliance.

9 min readUpdated 14 May 2026Last reviewed: 17 May 2026GDPRData ProtectionICOLandlord Compliance

Most landlords do not think of themselves as data controllers, but any landlord who holds personal data about tenants, applicants, or contractors is processing personal data under the UK GDPR and the Data Protection Act 2018. Obligations include registering with the ICO, maintaining a lawful basis for processing, responding to Subject Access Requests, and retaining data no longer than necessary.

Most landlords must register with the ICO

Any landlord who processes personal data on a computer or structured filing system must register with the Information Commissioner's Office (ICO) unless they qualify for an exemption. The annual fee is �40��60 for most small landlords. Failure to register when required is a criminal offence with a fine of up to �4,350.

What personal data do landlords hold?

  • Tenant referencing data: name, date of birth, address history, employment details, credit check results, previous landlord references
  • Right to Rent documentation: passport copies, biometric residence permits, share codes, these are particularly sensitive as they include nationality and immigration status
  • Tenancy agreement: full name, contact details, bank account details (for rent payments and deposit protection)
  • Maintenance records: repair requests, inspection reports, contractor attendance notes, these may record personal information (e.g. tenant's working hours, access arrangements)
  • Financial records: rent payment history, arrears, correspondence about debt
  • Correspondence: emails, letters, text messages relating to the tenancy

ICO registration, who must register?

  • Any landlord who processes personal data on a computer or in a structured paper filing system must register with the ICO, unless they qualify for an exemption
  • The main exemption for landlords: processing personal data solely for staff administration, advertising, or accounts/records where the processing is in-house only. Many landlords fall outside this exemption
  • Annual fee: Tier 1 (turnover under �632,000, fewer than 10 staff), �40/year. Most private landlords fall in Tier 1
  • Register at ico.org.uk, registration takes 15 minutes and is renewed annually
  • Check your registration status even if you registered years ago, the obligation to re-register annually is not always communicated clearly

Lawful basis for processing tenant data

  • Contract: Processing necessary for the performance of the tenancy agreement (e.g. rent collection, repairs), the primary lawful basis for most landlord data processing
  • Legal obligation: Processing required by law, Right to Rent checks, deposit protection, gas safety records
  • Legitimate interests: Processing for purposes not covered by contract or legal obligation but where the landlord's interests are not overridden by the tenant's rights, e.g. credit referencing for a prospective tenant
  • You do not need to list the lawful basis in the tenancy agreement, but you must be able to identify it if asked

Data retention, how long to keep tenant records

  • Tenancy agreement and correspondence: retain for 6 years after the tenancy ends (limitation period for contract claims)
  • Gas Safety Records: retain for 2 years from the date of inspection (regulatory requirement)
  • Right to Rent documentation: retain for 1 year after the tenancy ends, then securely destroy
  • Referencing data for unsuccessful applicants: retain for no more than 6 months after the referencing check, then delete
  • Financial records (rent, deposit): retain for 6 years after the tenancy ends for HMRC purposes
  • Do not hold data 'just in case', retention must be justified by a specific purpose and timeframe

Tenant Subject Access Requests

  • A tenant can submit a Subject Access Request (SAR) asking for all personal data you hold about them, respond within one calendar month
  • The response must include: confirmation that you hold data, a copy of the data, the purposes for which it is processed, the categories of data, and the retention period
  • You can redact third-party data (e.g. references from previous landlords) if disclosing it would identify the third party
  • You cannot charge a fee for a SAR unless it is manifestly unfounded or excessive
  • If you receive a SAR, do not delete or alter any data, this can be treated as obstruction

Templates recommended in this guide

Put this guide into practice, get the Periodic Assured Tenancy Agreement from the LetSafe shop, the regulation-current pack that matches this guide.

TenancyLS-E-001

Periodic Assured Tenancy Agreement

The new default English tenancy from 1 May 2026. Periodic from day one, with the prescribed written statement of terms built in. Ships with the Form 4A rent-increase notice template and an Information Sheet delivery acknowledgement form so a buying landlord has every Phase-1 compliance document in one pack.

£29
Live now

Found a gap or disagree with something?

Reply to any LetSafe email or write to Richard@letsafeuk.co.uk. We rewrite guides when we get something wrong, the sooner we hear, the sooner we fix it.

Related landlord guides

Hand-picked by topic overlap with this guide.

England � Licensing � 2026
Selective Licensing 2026: What Private Landlords Must Know
A complete guide to selective licensing for English landlords in 2026: how designations work, which areas are affected, application requirements, licence conditions, and the penalties for non-compliance under the Renters' Rights Act 2025.
England � Practical Guide
EPC C Funding and Grants for Landlords UK 2026 � ECO4, Boiler Upgrade Scheme, and Green Finance
Guide to funding options for UK landlords upgrading rental properties to EPC C by 2030: ECO4 grant eligibility for landlords, Boiler Upgrade Scheme, Great British Insulation Scheme, green finance and retrofit mortgages, landlord EPC exemptions, and a step-by-step upgrade action plan.
England, Wales & Scotland � Energy � Smart Meter Guide for Landlords
Smart Meters in Rental Properties: Landlord Obligations, Consent, and Data Rights 2026
Smart meter installation in rental properties: who controls the meter, landlord consent obligations, data access rights under GDPR, EPC implications, and what to do at the start and end of a tenancy.
England � Compliance
Landlord Record-Keeping Guide 2026: What Documents to Keep and For How Long
Every private landlord in England must keep records to evidence compliance with safety, tenancy, and tax obligations. This guide covers which documents you must retain, for how long, the GDPR rules that apply to landlord records, and what to do if records are lost.
England � Compliance & safety � Tenant referencing � Right to Rent
Tenant Referencing 2026 � A Landlord's Complete Guide
Tenant referencing 2026 guide for landlords: what checks to run, how affordability referencing works under the Renters' Rights Act, Right to Rent immigration checks, GDPR obligations, and how to handle a failed reference. Updated for the new tenancy regime.
England � Renters' Rights Act � Compliance & safety
Rent-to-Rent UK 2026: Head Landlord Obligations, Renters' Rights Act Compliance and Key Risks
Rent-to-rent arrangements in the UK after 1 May 2026: what head landlords and R2R operators must know about RRA compliance, HMO licensing, Section 21 abolition, and civil penalty exposure up to �40,000.