Longford is home to a thriving business community, and letting agents in the Longford Town area and beyond are no exception. But many don’t realise the extent of their GDPR obligations — particularly around collecting excessive personal data from prospective tenants during the application process, including data not relevant to the tenancy decision. This guide breaks down exactly what’s required under Irish and EU data protection law.
Join 2,000+ Irish businesses already protected
Absolutely. Under the GDPR and the Irish Data Protection Act 2018, all letting agents in Longford that collect, store, or process personal data must be fully compliant. This covers everything from booking details and payment information to CCTV footage and staff records. The DPC can impose fines of up to €20 million for non-compliance, and Irish businesses of all sizes are subject to enforcement.
RISK ASSESSMENT
Collecting excessive personal data from prospective tenants during the application process, including data not relevant to the tenancy decision
Retaining unsuccessful tenant application records with detailed financial and employment information
Sharing tenant personal data with landlords, maintenance contractors, and reference agencies without proper agreements
Holding tenant data across multiple systems (email, CRM, property management software) without a unified retention approach
Processing tenant PPS numbers and income details for RTB and Revenue purposes without clear data handling procedures
DATA INVENTORY
FREE ASSESSMENT
See exactly where your Letting Agent in Longford stands on GDPR compliance — no signup required.
REQUIRED DOCUMENTS
Every Letting Agent in Ireland needs these documents to demonstrate GDPR compliance.
STEP BY STEP
Provide a clear privacy notice to every prospective tenant before collecting their application data, explaining what you will collect, why, and who you will share it with.
Only collect data from tenant applicants that is genuinely necessary for the tenancy decision — do not ask for PPS numbers, medical information, or family status at the application stage.
Set clear retention periods: delete unsuccessful applicant data within 6 months and former tenant records within 12 months of the tenancy ending (subject to any legal retention requirements).
Put data processing agreements in place with your property management software provider, reference checking services, maintenance contractors, and any third parties who access tenant data.
Implement access controls so that maintenance contractors cannot see tenant financial information, and different staff access only the data they need.
Establish a clear procedure for handling tenant data subject access requests — tenants have the right to see all personal data you hold about them.
Review your data flows to ensure tenant data is not scattered across personal email inboxes, WhatsApp messages, and paper files without any central record.
COMMON PITFALLS
Requesting PPS numbers, medical details, or family composition information from prospective tenants at the initial application stage when it is not yet necessary.
Keeping detailed application records for unsuccessful tenants — including bank statements, employer letters, and references — indefinitely in the filing system.
Sharing full tenant financial profiles with landlords when only a summary tenancy recommendation is needed.
Managing tenant communications and personal data through personal WhatsApp and email accounts without any security or retention controls.
FAQ
Everything you need to know about GDPR compliance for your business.
Contact usNEARBY COUNTIES
OTHER SERVICES
Every day your Letting Agent in Longford operates without proper GDPR compliance is a risk. The DPC is increasing enforcement across Ireland — get ahead of it today.
Join 2,000+ Irish businesses. No credit card required.