[Edit this is a historic dispute for energy used for most of 2023/2024 ]
In this case the utility company did not have the tenant’s name on account, so have billed the LL. LL can resolve by sending TA to the utility company - but is this a privacy breach or covered as “legitimate interest” or “contract fulfilment” ?
I’ve never, in decades, had to send an AST to a utility company. Just tell them that they need to get in touch with the tenant at the property address and bill them anew. Best to give them check in meter reads if they don’t already have them.
If the bill has your name on it and went to the property address (always best to have it go to your correspondence address) then deliver it to the tenant and ask tell them they need to contact utility company to sort it. Do this as well, not instead, of the point in my first para.
oh… and you really should have a clause in your AST that basically allows you to pass the T’s name email and phone number to relevant third parties (trades, utility companies, the drug squad, etc.)
… that last one was a joke BTW.
Thanks all - I’m not the LL - asking for a friend. (really) - bill goes back to 2023!
BTW I’ve read clauses in AST have no bearing on GDPR compliance,
but I agree LL should just tell utility company the correct person to chase - and provide any meter readings.
Your friend should have a data protection statement which they have them sign. Easy to put it in there.
Your friend does have one, right?
And is registered with the ICO, right?
Your GDPR Privacy Notice should list the organisations you may share data with and utility companies should be on the list. If its not, I suggest you review it for future use. However, even without this, you could argue that you have a legitimate interest in sharing this information with them.
Ta LL uses an Agent so not currently ICO registered? Agent should have handled all of this, but unfortunately Agent is useless/hostile - but LL seemed keen to continue using them until everything has inevitably gone to shite! 
He should still be ICO registered even with an agent. He should also have his own GDPR notice.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.