Regulation and Enforcement Tenancy Management

GDPR: Do I really need to register with the ICO?

Sally Walmsley
Written by Sally Walmsley

The RLA has received a number of calls in recent weeks from members unclear as to whether they need to register with the Information Commissioners Office (ICO).

Our advice has always been ‘yes’, yet some landlords said they had been given conflicting information.

We suspect that some of this is because not all landlords think of themselves as a business and may be assuming that they can rely on exemptions that apply to people carrying out their own private affairs.

This is not the case and all landlords will be a business for this purpose.

To clear up any confusion we contacted the ICO to ask for clarification.

Most landlords should already be registered with the ICO and paying a fee under current data protection laws.

Those who are not, but who hold and/or process personal data (for example their tenants’) need to get in contact with the ICO and pay the necessary fee, in order to comply with GDPR.

You need to pay the fee by 14thJune 2018 if you are not already registered with the ICO. This is 21 days from the GDPR deadline of May 25th.

The process of paying this fee includes a requirement to provide the office with details including your name, address, trading name, number of employees and turnover.

In a statement the ICO said: “When the new data protection legislation comes into effect there will no longer be a requirement to notify the ICO in the same way.

“However, a provision in the Digital Economy Act means it will remain a legal requirement for data controllers to pay the ICO a data protection fee.”

In practice there is not likely to be any exemption from registering with the ICO and paying the required fee.  If you purely process data manually then you are exempt from registration.

This is not likely to apply because most if not all landlords will process data via their mobile telephones, tablets or PCs.

There is no exemption from the GDPR itself and landlords who hold tenant data will need to comply with this, regardless of whether or not they need to register.

I have already paid the ICO this year under the current data protection rules – what do I need to do?

Any landlord or lettings business that has already paid its fee for the year will only need to pay the revised fee when it is time to renew.  They will be contacted by the ICO to remind them close to the renewal date.

What is the fee?

The amount will still be based on the organisation’s number of employees and turnover.  Turnover is your gross income including the gross amount of the rents that you receive.   This is based on your last financial year.

Assuming that you have no more than 10 employees (if you have any at all) and as long as your turnover does not exceed £632,000 per annum, the fee payable is £40.  There is a £5 discount if you pay by direct debit.

What will the fees be used for?

The fees charged will be used to fund the ICO’s data protection work. As now, any money the ICO receives in fines will be passed directly back to the Government.

What is the penalty for non-compliance?

If you do not pay the ICO fee you could face a civil penalty of up to £4,350.

For more information on GDPR visit the RLA’s free GDPR guide here.

The association has also produced a number of sample documents, including a comprehensive privacy notice, which can be accessed here.

The RLA is also running a GDPR e-Learning course for landlords who want to know more about their new obligations.

About the author

Sally Walmsley

Sally Walmsley

Sally Walmsley is the Magazine and Digital Editor for the NRLA. With 20 years’ experience writing for regional and national newspapers and magazines she is responsible for editing our members' magazine 'Property', producing our articles for our news site, the weekly and monthly bulletins and editorial content for our media partners.


    • Hi – it will depend whether you personally hold any data. If you have any data that would identify the tenant(s) even if that is just a name, mobile number or email address and if you hold it electronically, or if it was originally shared electronically (ie: via email or mobile phone) then you need to register.

  • What I’m unclear about is who and how is this act “policed”? I’ve registered and paid because it’s “the law” but how does this benefit me and my tenants?

    Please advise.

    Thank you.

    • According to our legal advisers data subjects (ie tenants) can complain to the ICO about alleged misuse of their data – and the ICO will investigate their complaints. Additionally if landlords do not comply then if they have any claim against the tenant(s) – for unpaid rent etc – there is a risk that this could be ofset by a claim from the tenant(s) that they were suffering as a result of the landlord’s non-compliance. There is more information on the ICO website

  • Hi Sally, I just got an email from my landlord with the GDPR stuff. The problem is he says the ICO fee was £100 (it’s a private landlord with only that property in the market) and wants me to pay for it.
    As far as I understand, this is a legal requirement for him as a landlord, not a service for me, so I understand I’m not responsible for the payment…is that right?

    • Hi Ivan, thank you for getting in touch. This is very poor behaviour and you do not have any obligation to pay this fee, as you say. Is it possible that you could send me a direct message with the landlord’s details so that we can check to see if he/she is one of our members. My email address is

  • Thank you for this post. As a landlord with just two rental properties that I manage myself, I am aware of the requirements for data protection but was not aware that I was required to register with the ICO. Having been on their website and checked their requirements, I am now registered and fully compliant. Many thanks.

  • It says you need to register and pay the fee by June 2018 – I haven’t done this yet.

    If I register with the ICO now, will I be penalised for having not registered? Do they ask for back-dated information / fees and then enforce a fine for not complying?

    • Good afternoon. The ICO reported last year that there are penalties for non-compliance, yes. GDPR is a topic that our advice team do give advice on, so I would advise you to give them a call about your situation. Many thanks, Victoria

  • Hi Sally,
    I own two properties jointly with my wife but i manage most of the aspects of lettings including liasion with agents, information exchange etc.
    In such a case do both of us have to resister separately and pay £40 each or would it suffice for one of us to register.
    Could you please advise?

    • Hi, if both people are handling personal data, both will need to register with the ICO. This doesn’t just apply to a husband and wife, but also to business partners etc, but if you are unsure it is best to double check with the ICO themselves, by calling 0303 123 1113. More information about GDPR including exemptions can be read here. Hope this helps, thanks, Victoria

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.