Welcome To Simplydocs

Monthly Archives: November 2017

Processing and Transferring Personal Data

If you process personal data, that processing is currently subject to the Data Protection Act 1998. As of next May, the EU General Data Protection Regulation – the GDPR – will take over. Continuing the changes, the new Data Protection Bill introduced recently will bring much of the GDPR, with a few minor differences, into UK law post-Brexit.

Changes in the Law

Much media attention has been devoted recently to the GDPR. Some of this has provoked questions about the future legal position on data transfer not only within the UK but also to other countries outside the EU or EEA. The good news is that, in our view, what you will need to do in the future will not really change in practical terms.

To Where are You Transferring Personal Data?

You might need to transfer personal data within or outside the UK, to a location within the EU or EEA, or to a non-EU/EEA country (a “third country”). In addition to general requirements for processing personal data, particular requirements apply to transfer of data within the UK or abroad as outlined below.

Transferring Personal Data Within the UK or EEA

Where a UK data controller has a data processor within the UK or the EEA processing personal data for it, currently the law requires a written contract obliging the data processor to act on instructions from the data controller and to comply with obligations equivalent to those in the Data Protection Act’s Seventh Data Protection Principle. The GDPR also requires the contract to detail the processing and the data processor’s obligations. Our template document Data Processing Agreement – Personal Data Security (UK/EEA) meets the current requirements for such a contract.

There are no officially recognised standard clauses for such a contract. There may be in future, but there are none on the horizon, so you may continue to use our template. If the position changes, we will, in addition to making any necessary changes to our template, advise you accordingly.

Transferring Personal Data Outside the EEA

The Act’s Eighth Data Protection Principle and the EU Directive 95/46/EC (often referred to as the “Data Protection Directive”) only allow data controllers to transfer personal data outside the EU if the destination country has an adequate level of protection for the rights of the data subjects concerned. A number of alternative methods of ensuring such protection exist, as follows, but we believe that the “model terms” option (see below) is the best and easiest solution. This is because in practice another method may not be available or it may be relatively difficult to use it. The alternatives are as follows:

1) Recognised Destination

The EU Commission website lists those countries which it recognises as satisfying the test of “adequate level of protection”. The current Act and the GDPR provide for such recognition as a means of satisfying the test for an adequate level of protection. Transfer of data from the UK to the USA is complicated. The USA is not listed as “recognised” but a transfer will be permitted if the USA recipient (“data importer”) has self-certified compliance with the Privacy Shield framework.

2) Adequate Level of Protection

If the destination country is not “recognised”, then the requirements of the Act’s Eighth Data Protection Principle may be met if the data controller concludes that there is an adequate level of protection for the person who is the subject of the data, having regard in particular to the “adequacy criteria” set out in the Act.

It may not always be easy to properly apply these adequacy criteria. Further, the self-assessment basis of ensuring an adequate level of protection will be different and reduced under the GDPR. All in all, we think it will be very difficult for you to make proper use of this method.

3) An Exemption

Schedule 4 of the current Act provides several exemptions from the application of the Eighth Data Protection Principle. Similar exemptions will apply under the GDPR. If one of them applies, you would not need to consider whether there is an “adequate level of protection” or to take any other special steps in relation to the transfer.

4) Agreement on “Model Terms”

In view of the uncertainties and difficulties of ensuring an “adequate level of protection”, it will often be easier and preferable to make use of the following means instead.

The relevant EU Directive provides that an adequate level of protection will be achieved if a data controller and data processor sign an agreement governing transfer of data on model terms issued by the EU Commission for such purposes. The Commission issued the model terms in 2010. The current Act gives effect to this means of compliance and the Information Commissioner authorised the EU Commission model terms. This creates a “safe harbour” for UK data controllers transferring personal data outside the EU or EEA. Our template document Data Processing Export Agreement – Personal Data Security (Non-EU) contains the model terms and it may be used where transferring personal data outside the EU or EEA.

Although the GDPR supersedes the EU Directive, it does not alter the model terms regime so our template can be used after the GDPR and, subsequently, the new Act come into effect. It appears unlikely that the model terms will be amended in the foreseeable future. If they are, we will amend our template to take account of those changes.

Your Experience

Do you transfer personal data to another organisation to process it in the UK/EEA or outside the EU or EEA? If so, we would like to hear about how you ensured compliance with the current Act and the Directive, and how you plan to ensure compliance with the GDPR and the new Act. If you transferred data outside the EU or EEA, then, in order to do so, have you made use of the “model terms”? Have you relied on some other option instead? Are you confident that you are complying with all legal requirements relating to data transfer?


Ban on Letting Agents’ Fees – Update

A draft Tenants Fees Bill has now been published. As expected, the Bill bans landlords and letting agents from requiring tenants to make any payments as a condition of their tenancy, with certain exceptions.

The Bill applies to assured shorthold tenancies and licences but not to other types of letting such as company lets.

Permitted Payments

The payments that can still be required from tenants are:

  • · Rent
  • · A refundable security deposit not exceeding six weeks’ rent (the original proposal was one month’s rent)
  • · A refundable holding deposit not exceeding one week’s rent
  • · Fees for management services carried out as a result of a tenant’s default (such as repairs arising from deliberate damage to the property or a breach of the tenant’s obligations)


Enforcement of the ban will be carried out by local authority trading standards officers. They can impose penalties of up to £5,000. A repeated breach is a criminal offence but a civil penalty of up to £30,000 can be imposed as an alternative to prosecution.

There is also a mechanism for Tenants to recover unlawfully charged fees.


The Bill is still in draft and has yet to be laid before parliament. The new rules are not likely to come into force before late 2018. However, lettings agents need to start thinking about how they will adapt their practices to comply with the new rules.

Short-Term “Airbnb-style” Lettings

Are you considering entering the short-term lettings market? It can be a fantastic source of income for property owners but there are downsides and risks. Here we look at the pros and cons and highlight some issues property owners need to consider before taking the plunge.

The Growth of the Short-Term Lettings Market

In recent years there has been a huge increase in the use of websites such as Airbnb, where home owners can advertise a room or a whole property as available for a short-term let. Originally, these websites were intended for consumer-to-consumer use – part of the “sharing economy” – but they are increasingly being used by property investors who see that there
is potentially more profit to be made from short-term lets than assured shorthold tenancies.

What are the Benefits of Short-Term Lettings?

There is a rapidly expanding market for short-term lettings, with many visitors preferring the independence of self-catering accommodation to a hotel stay. Agent websites such as Airbnb, HomeAway, and others make it easy for landlords to access this market.

Short-term lets are generally more lucrative for landlords than longer term lets, generating up to three times the income. In a prime area, granting short-term lets can be a reliable source of income.

What are the Downsides of Short-Term Lettings?

With a rapid turnover of guests, there is inevitably more work for landlords to do in terms of management and maintenance of the property. Landlords will either need to set aside the time to undertake this work themselves or appoint an agent to do it for them.

Using a property for short term lets can throw up issues with guests, neighbours, superior landlords and the local authority. Landlords need to anticipate the issues that may arise and be ready to deal with them if and when they do. For example, guests may complain about the facilities, neighbours may be unhappy with the behaviour of the guests, landlords may consider short-term lettings to be in breach of the lease covenants, and the local authority may receive complaints about noise or health and safety issues and take enforcement action.

The growth of the short-term let market in a particular area can have adverse consequences for local residents. Problems can include noise and disruption caused by guests, an increase in property prices, and a reduction in housing stock as investors look to acquire accommodation.

What do You Need to Consider Before Granting Short-Term Lets?

Here are some keys issues landlords need to consider before entering the short-term lettings market:

Planning Restrictions

In London, where living accommodation is much-needed, there are restrictions on using residential accommodation for short-term lets. Short-term lets are permitted provided they do not exceed 90 aggregate nights in any one calendar year. (Airbnb now restricts London hosts from letting their properties for more than 90 nights per year; other platforms do not impose this restriction.) If you intend to exceed the 90 night limit, consider applying for a change of planning use from residential (C3) to hotel use (C1).

Local authorities find this rule difficult to enforce as they do not necessarily know how properties are being used. It is possible that a notification requirement will be introduced whereby owners must notify the local authority of the dates when the property is being used for short-term lets.

Lease Terms

If you are a leaseholder, as opposed to owning the freehold of your property, does your lease allow you to grant short-term lets? Such lettings may fall foul of various restrictions in the lease such as:

  • · a requirement to use the property only as a private residence (the courts
    have held that short-term lettings are too transient to qualify as “private
    residence” use)
  • · a prohibition on using the property for a trade or business
  • · a prohibition on causing a nuisance (could be an issue in terms of the
    behaviour of guests)
  • · restrictions on subletting

If the short-term let use constitutes a breach of your lease your landlord may seek to forfeit (i.e. cancel) the lease or seek an injunction preventing you from using the property in this way. You may incur significant legal costs if your landlord takes such steps.

Mortgage Terms

Your mortgage terms may not allow you to use the property for short-term lettings. A breach of your mortgage terms may result in the property being repossessed unless you can repay the entire mortgage.

Buildings Insurance

Normal residential buildings insurance is unlikely to cover this sort of use. Check your policy and if necessary obtain specialist insurance.


An energy performance certificate (EPC) is needed for a property rented out as a holiday let for a combined total of four months or more in any 12-month period. If this applies to you make sure you have a valid EPC to avoid the local authority taking enforcement action.


There may be valuable items in your property and you will be allowing strangers to have access to it. How will keys be collected and returned? Who will check that the property is secure and your possessions intact?

Health & Safety

Ensure appropriate checks are made on gas and electrical installations and as regards fire safety.


Tax is a specialist area and beyond the scope of this note. Ask your accountant to advise on your tax position.

The Future of Short-Term Lets

Despite the pitfalls and obstacles mentioned above, the short-term letting market looks set to remain strong. Are you already involved in it? Are you tempted to give it a try? Have you been affected by the growth of short-term lettings in your area? As always, we welcome your comments below.