Property managers: destroying tenant files
A property manager processes the data of everyone who rents a home or applies for one. Name and address, income and payment data, an identity document at the screening, the tenancy agreement and all the correspondence around the management. Part falls under the tax retention obligation. Part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.
In short, you keep the tenancy agreement and the financial settlement for seven years because of the tax retention obligation. Applications from rejected candidates, copy ID and other personal data you keep no longer than necessary. What may go disappears confidentially and with a certificate.
Private management, not a housing association
As a property manager you usually work for private owners or investors and not as a social landlord. That makes a difference for the GDPR. A housing association has its own rules around income assessment and allocation. As a private manager you collect only the data you need to let and manage a home, without the broad basis a housing association sometimes has. Keep that distinction sharp, because it determines what you may ask for and what you may keep. How it works on the social side you can read in social housing associations and tenant files.
In practice you often manage on behalf of the owner. You decide together with the owner which data is needed and who is responsible for what. Record that division of roles, so it is clear who ultimately clears out the files. Without that agreement files keep lying around because nobody feels they own them.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the tenancy.
| Part | Starting point | Period |
|---|---|---|
| Tenancy agreement and financial settlement | Tax retention obligation | 7 years |
| Income and payment data | Purpose-bound and tax | until settlement + 7 years |
| Applications from rejected candidates | No agreement | as briefly as possible |
| Copy ID at screening | As limited as possible | only what is needed |
| Correspondence and reports | Purpose-bound | until settlement |
| Drafts and duplicate documents | No retention obligation | clear out at once |
Use this as a guideline, not a substitute for your own agreements with the owner. When in doubt, consult a privacy adviser. The tax side is in the 7-year tax retention obligation. A complete overview by document type is in the GDPR retention periods cheatsheet.
Applications and rejected candidates
At every letting, more candidates often apply than there are homes. For the candidate you choose, the application turns into a tenant file. From the rejected candidates you keep nothing you no longer need. A rejected application with income data and a copy ID that keeps lying around for months is exactly the kind of data you do not want to manage. Clear out rejected applications confidentially soon after the decision.
Keep only what you need to be able to rebut a possible complaint about the selection. That is a short period and certainly not years. That way you keep the pile of candidate data small and limit the risk in the event of a data breach.
Income and payment data
To assess whether a candidate can bear the rent, you often ask for income data, an employer's statement or bank statements. That is sensitive data. Do not ask for more than needed and do not keep more than needed. After the screening you no longer need the supporting evidence in the same volume. The rent payments during the term belong with the administration and fall under the tax seven years. Single supporting documents from the screening you clear out earlier.
Copy ID, be restrained
For a tenant screening you may identify someone, but that does not mean you may keep a full copy of a passport or driving licence. A copy ID contains a national ID number, a photo and more than you need, and is therefore sensitive. Note only the data you truly need and do not keep single copies longer than necessary. Once the screening is complete, you destroy the copy confidentially.
That way you avoid managing a mountain of identity data you did not actually need. How you handle a copy ID is comparable to other parties that ask for an identity document, from estate agents with NVM files to financial service providers.
Handover at ownership or management change
Property changes owner and management assignments come to an end. At such a change you hand over files to the new manager or the owner. Hand over only what the recipient needs and record what you handed over and when. Whatever you no longer need to keep yourself you do not retain as a shadow copy. An old set of files that keeps lying with you after the handover is a risk without a purpose.
This resembles what happens at a board change of a homeowners association, where personal data also passes from hand to hand. See member lists and personal data at a board change for that situation.
Clearing out after the end of the tenancy
When a tenancy agreement ends, part of the file stays needed for a while for the final settlement, the deposit and a possible dispute. Once that is settled and the tax period for the financial documents has passed, the purpose lapses. Do not hold on to complete files of departed tenants because they may come in handy one day. That is not a valid ground. Plan a fixed moment each year to review and clear out expired files.
How to handle it in 6 steps
- Split the data into administration, current files, applications and copy ID.
- Limit income and identity data to what the letting requires.
- Clear out rejected applications soon after the decision.
- Record handovers at a management or ownership change.
- Collect what may go in sealed containers, not in the paper bin.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Tenant files are destroyed confidentially, because they contain identity, income and payment data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old management computer or backup with tenant data belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Tenant files to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Request a quoteCommon mistakes
- Keeping copy ID after the screening. Destroy the copy once you have assessed the candidate.
- Letting rejected applications linger. After the decision the purpose lapses.
- Keeping files as a shadow copy after the handover. Hand over and clear out your own set.
- Throwing away unshredded. A tenant file on the street is a reportable data breach.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
How long does a property manager keep a tenant file?
A tenancy agreement and the financial settlement fall under the seven-year tax retention obligation. Personal data from the file you keep no longer than necessary for the tenancy and its settlement. Whatever serves no further purpose afterwards you clear out.
May I keep a copy of a tenant's identity document?
Be restrained here. For a screening you may identify someone, but a full copy with a national ID number and photo you do not simply keep. Note only what is needed and destroy a copy once the screening is complete.
What do I do with files at a management or ownership change?
Hand over only what the new manager needs and record the handover. Whatever you no longer need to keep yourself you do not retain as a shadow copy but have destroyed confidentially.
How do I destroy tenant files in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A property manager works with identity, income and payment data of every tenant and candidate, between the tax retention obligation and the GDPR. Keep the tenancy agreement and the financial settlement for seven years, be restrained with copy ID and clear out rejected applications quickly. Record handovers at a management or ownership change and clear out files after the end of the tenancy. What may go you have destroyed confidentially with a certificate as proof. That way you meet both frameworks and protect your tenants' data.
Read also. engineering firms that destroy project files, installation companies that destroy customer data, self-storage and the destruction of customer contracts and the GDPR retention periods cheatsheet.
Have tenant files collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.