ICO demand – is it a scam?

by Readers Question

9:52 AM, 10th December 2019
About A year ago

ICO demand – is it a scam?

Make Text Bigger
ICO demand – is it a scam?

Our Ltd company has just received a demand from ICO (Information Commissioner’s Office) claiming that we are not registered with them. That is true…. I have never heard of or from them before.

They say our customers, clients and tenants expect us to take our data protection obligations seriously like the many real estate companies that have paid their fee on time. If we have not paid a data protection fee to ICO we could be liable to pay fines of up to £4000.

In former times we did take personal details from our, mainly student, tenants….names, addresses ,telephone numbers, college details etc. Nowadays however we use agents and although, if we wanted, we could have copies of all tenancy agreements we normally leave all that with the agents.

As we do not hold these details I think the rules (if there are such rules) do not apply to us directly, but might apply to our agents. But something about this demand smells of a scam.

How come we have never heard of this before? Has anybody else received a similar demand?

Nick

Editors Note:

ICO blog 03/12/2019 >> Click here

We have launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee. The move marks the start of an extensive programme to make sure the Data Protection Fee is paid by all those who need to pay it.

Under the Data Protection Act 2018 organisations processing personal information are required to pay a data protection fee unless they are exempt. You can quickly and easily find out if your organisation needs to pay the fee by using our self-assessment checker, but if you hold personal information for business purposes on any electronic device, including using CCTV for crime prevention purposes, it is likely an annual fee payment is due.

You can avoid us needing to contact you by either:

  1. Visiting our website to pay your organisation’s Data Protection Fee online
  2. Completing this form to tell us why your organisation is exempt from paying the fee.

Since the new annual data protection fee was introduced in May 2018, over 600,000 organisations have registered to pay it. They have gone on to access the range of services and support we provide to help them to comply with the law and give their customers, clients and suppliers trust and confidence in the way they process personal information. At the same time, between 1 July and 30 September 2019, we issued 340 monetary penalties to organisations that have not paid the Data Protection Fee.

As well as naming most organisations we need to fine, we also publish the names of all fee-paying organisations. This helps them make it clear to their customers, clients and suppliers that they are aware of their legal obligations when processing personal information.

We know data protection legislation can be complicated and we are here to help. The reminders we are sending to organisations are to help make it easy to comply with the law as well as access a great deal of advice and support available from the ICO. This includes:

  • a Helpline and Live Chat service dedicated to supporting small businesses and organisations;
  • a series of self-assessment tools and products on our website;
  • advisory visits and support designed to help small businesses and organisations to comply with the law.

The cost of the data protection fee depends on a company’s size and turnover. There are three tiers of fee ranging from £40 and £2,900, but for most organisations it will be £40 or £60. The cost is reduced by £5 if you sign up by direct debit and you can find out how much you need to pay by taking a self-assessment.

For further help and advice, call the ICO’s small business helpline on 0303 123 1113 between 9am – 5pm, Monday to Friday (excluding Bank Holidays).

Comments

Graham Bowcock

12:28 PM, 2nd March 2021
About 2 months ago

Reply to the comment left by RL at 02/03/2021 - 11:23
Yes, you are a data controller and need to have a privacy policy. This does not have to be elaborate, just enought to explain what data you hold and how.

Many landlords seem to think they are not in business and do not need to comply - they are and they do.

Mick Roberts

13:01 PM, 2nd March 2021
About 2 months ago

Reply to the comment left by RL at 02/03/2021 - 11:23
Ha ha brilliant u say:
now more confused than ever (it doesn't take much these days!).

Yes, me too am more confused the more things they bring out. There will be many of us who have done a good job for years housing (Benefit) tenants at quite often less than market rents & the more they chuck at us, we don't know what day it is & some of us end up being fined or get a criminal record for some new rule that wasn't rule 10 years ago & now only makes it more expensive to provide the house. And that's why us good 'uns are trying to pack up.

Well said Luke.

DSR

13:26 PM, 2nd March 2021
About 2 months ago

Reply to the comment left by Graham Bowcock at 02/03/2021 - 12:28
so do I need to issue a policy to all tenants and get them to sign it to say they are happy with how I store their info?
Anyone happy to share a policy they use please?

1 8 9

Leave Comments

Please Log-In OR Become a member to reply to comments or subscribe to new comment notifications.

Forgotten your password?

BECOME A MEMBER

Revised Right to rent requirments from 21st June