Now that the dust has settled on the introduction of the General Data Protection Regulations, many of us are thinking more about how the new rules will work in practice. For those of us in social housing, one of the obvious question marks comes over the sharing of CORE (COntinuous REcording) data with the Ministry of Housing, Communities and Local Government (MHCLG).
Historically, we upload all sorts of personal information about tenants to the site, including sensitive personal details around household’s members, such as income details. How does that fit with the requirements of GDPR, which aims primarily to give people control over their personal data?
As the CORE data is used to inform funding, regulation and other policy decisions around social housing and forms part of the wider policy debate – particularly around affordability – it is being collected as before. Clearly you will need to comply with the regulations around data handling and giving information to tenants.
GDPR and CORE Data: what do housing providers have to do?
This is a checklist – housing providers will have put some of this in place already:
- Create a Data Protection Officer CORE user on the CORE website. The Data Protection Officer is purely there for data protection purposes: they have to read and sign the data sharing agreement. Until that’s been done, their organisation won’t be able to submit CORE data.
- Every time you submit a renting or sale log, the data inputter must confirm that the tenant or buyer has seen the Annex 1 privacy notice which explains what will happen to their information and also their right to have it corrected.
- As all data is covered by the GDPR, not just that which you are currently submitting, institutions are required to ensure that (as far as possible) all past tenants see the Annex 2 privacy notice. However, MHCLG understand sharing this with all past tenants is going to be almost impossible in practice. So, you’re being asked to share it in the way you think best, which is proportionate in meeting the rights of tenants’ and buyers’ rights to be informed of how their data is shared.
Find links to these documents on GDPR and CORE here. Clearly, you’ll also have to comply with the requirements of GDPR in how you store and process tenant data.
GDPR and CORE Data: what other information do housing associations need?
The CORE section of the GOV.UK website can take you through the changes, with links to the information commissioner’s website and other helpful information.
Acuity is the only organisation approved by MHCLG to run training round CORE: we run two courses (‘Introductory / Refresher’, and ‘Managing CORE Online’) and will announce autumn dates for these on our website during the summer. Please contact us if you would like to express an interest or get an alert when dates go live. Finally, for queries directly regarding CORE, please contact: firstname.lastname@example.org