All managing agents have legal obligations under the UK General Data Protection Regulation (GDPR) and must adhere to the general principles set down by the UK GDPR (that Is the retained EU law version of the General Data Protection Regulation and the Data Protection Act 2018).
You will have to notify the Information Commissioner (ICO) of your data processing activity.
Managing agents must maintain records of their processing activities.
Managing agents must have a purpose for processing personal data and a valid lawful basis for processing personal data.
Covering Topics
Overview
General Principles Of The GDPR
Obligations Of Managing Agents Under The GDPR
Registration With The ICO
What Happens If You Fail To Notify?
Lawful Bases For Processing Personal Data
Communicating information To Leaseholders
Right Of Access
Rectification And Accuracy
Right To Be Forgotten
Security Principle
CCTV or Smart Door Bells
Personal Data Breaches
A Landlord’s Legal Obligation To Disclose information
Can I Provide Names And Addresses Of Leaseholders To Other Leaseholders In The Block
Can A Landlord Put Up A List Of Leaseholders Who Are In Arrears?
Can Landlords Disclose Details Of A Leaseholder Who Left Without Paying The Rent Or Service Charge?
What About Handing Over Records When Transfers Of Management Occur?
What About Pitching For New Management Business?
Data Destruction And Shredding
Encryption
Requirement For Residential Management Companies To Notify
Further Information
Appendix I - Glossary
Appendix II - Data Breach Reporting Flowchart
Appendix III - Privacy Notice Template
Appendix IV - Privacy Notice Guidance
Appendix V - Carry Out Data Mapping
Resource
Last reviewed: 21 January 2026
This article is for Company members only
Become a member today to access exclusive insight from The Property Institute.
