Few of us will need to be reminded that the General Data Protection Regulation (GDPR) came into force earlier this year. The GDPR is an EU measure that imposes strict rules on how personally identifiable information is controlled and processed. But in light of this new legislation, should landlords now require a tenant to covenant specifically to comply with the GDPR?
In short, the answer is no. There is little extra value to a landlord in requiring its tenant to covenant to comply with the GDPR. As a matter of law, a tenant (and its landlord for that matter) will have to comply with the GDPR regardless of any obligation in the lease.
Most leases contain a covenant by the tenant to comply with statutory obligations, so far as those obligations affect the premises. If a tenant does not comply with the GDPR, then its landlord can use this covenant to force the tenant to comply, at least to the extent that the non-compliance relates to the premises and could affect the landlord.