Protecting tenants’ personal & financial data

By Gareth Roberts, Design & Print Manager, 24 Design & Print

The introduction of the General Data Protection Regulations (GDPR) in May 2018, means customer data which is stored and communicated in any way, needs to be done so securely. GDPR is a law which concerns data protection and privacy for individuals and it becomes relevant and important when it comes to protecting personal and financial information which both Housing Associations or Landlords keep on file on behalf of tenants. Failure to comply with GDPR and be able to prove everything was done to protect the privacy of individuals and data could incur hefty fines based on a % of turnover.

Therefore, to avoid facing significant consequences, organisations who are the gate keepers of the data are required to protect customer information and privacy from mis-use or exploitation and this essentially means keeping it secure.   Storing information with heavy encryption and password protection is necessary and most organisations have been able to implement processes to ensure data is stored safely since the introduction of the regulations.

However, what about when information needs to be sent by email or letter to tenants?   Rent statements, works improvement letters, rent increase letters or any communication like this is also subject to GDPR. In fact, any email or print communication needs to be completed securely, protecting the privacy of the individual to whom it is addressed.

The good news is that there are solutions available: for example, some larger organisations have developed the facility to upload rent statements to a secure FTP site which is a secure portal enabling users to go online and check the financial status of their account using secure passwords and encryption. However, many individuals – perhaps on low incomes – may not have the technology to access the internet in this way.   Some elderly or vulnerable people may not have the skills to be able to find the information in this way.   In addition, to set up a secure FTP site internally a price tag will be attached so it may not be the most cost effective solution either.

The alternative may be to email information. However, emailing residents also presents issues as it is difficult to send a secure email. In addition, Housing Associations for example may struggle to obtain email addresses for all tenants, yet they will have their addresses. Therefore, in short, ‘snail mail’ is not going away in a hurry as a medium to communicate with service users and residents in the housing industry.

However, printing a significant volume of rent statements or letters to tenants is hugely time consuming and can be expensive – with the cost of a second-class stamp now at 61p.   The solution is often found in outsourcing to a specialist mailing house. Because such mailing houses nurture close relationships with the Royal Mail or other DSA (downstream access) suppliers and buy in bulk, they can often offer advantageous rates on postage. This means it is usually cheaper to outsource than print in-house – for example mailings over a certain volume can attract rates of less than 40p/unit (including data processing, printing, mailing and postage) with the right provider. Mailing houses will also have processes related to GDPR nailed down firmly, as it is likely they will be strictly audited several times per year (I know we certainly are at allpay!)

So, use a mailing house: GDPR problem solved? Well not quite. How the Housing Association or Landlord communicates the individual’s data to the mailing house itself, is where we can see processes fall down. ‘Just emailing over an Excel file or a Word document, even if it is zipped up with a password is not best practice.   Emails can go astray, they can be sent to the wrong person plus, such zip files – even password protected ones – are easy for skilled hackers to open. As the owner and gatekeeper of the personal data, the information really needs to be uploaded to a secure portal to ensure GDPR compliance. Using a SFTP (Secure File Transfer Protocol) will ensure data is protected properly and lawfully.

Once in receipt by the mailing house, the communication to residents is printed in large batches and securely put through a mailing machine and then sent in the post.

With council budgets being cut and all organisations needing to manage finances carefully, outsourcing printed communications to tenants through a specialist mailing house can offer cost saving advantages and free-up valuable human resources to work on other projects. However, most importantly, it will ensure GDPR compliance to protect the personal data of residents.

A further advantage is that the mailing house can advise on any changes in legislation moving forward and there may well be some, given the changes with the UK’s EU status.

As part of the allpay Group and 24housing, 24 Design & Print has extensive business experience in local government and the housing sector, working with around 800 Housing Associations across the UK offering secure communication and printing services as well as advising clients about GDPR compliance in relation to printing. For further information please see