Data protection fee - reminder?
Discussion
ICO is definitely legit. I'd make sure it's actually from them, and not phishing though.
https://ico.org.uk/for-organisations/data-protecti...
Do the self assessment thing on that page, you might not need to pay a fee.
Eric Mc said:
Any business that keeps personal data on its files - for whatever purposes - is liable to pay the fee.
Eric, normally you know exactly what you are talking about, but in this case you are spouting rubbish, maybe because it was late at night.
ICO said:
Every organisation or sole trader who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt.
Most small businesses are exempt.
Simpo Two said:
What does 'processes' mean? If you just have a few customer e-mail addresses and phone numbers is that exempt?
Depends on what you are using them for.
Despite the person above saying I am spouting rubbish, there is no specific exemption for small businesses. If you maintain a customer or supplier database, then you should sign up and pay the fee.
GDPR UK is an absolute minefield now. Even for an organisation that has no retail customer exposure, it's hugely costly in terms of resource time to set up and manage policies, data audits, controller process agreements etc, etc without them charging a fee on top. Unfortunately, the modern business world is compliance gone mad 

silobass said:
I took it as being exempt for us. We obviously have customers' emails and phone numbers but other than have them on our accounts records we don't do anything with them. I took processing as doing something with the information to try and get more sales or marketing.
It expands to purposes far more than marketing. Because of what I do (accountant) I have lots of sensitive and important data that I must hold for my clients. I must also register with the ICO and pay the annual fee. Most professional entities who hold personal data are required to register - whether they market or not.
The self assessment suggests you are exempt if you only process data for staff administration (payroll), accounts (invoices/payments), or advertising in connection with past, existing or present customers/suppliers.
I take that to mean if you hold data about clients in addition to these requirements, you need to register. I imagine this exempts quite a number of large businesses.
What I'm less clear on, is if clients give you data that is required to complete a service, but you don't process that data in any way other than that requested by a client to complete the service. For instance translating a document containing additional personal data, does that mean you are not exempt?
Terminator X said:
So got a letter which reads like absolute bobbins however it is from the sinister sounding Information Commissioner's Office ...
Anyone else get one and it is BS or legit? Legal responsibility to pay the fee they say with a website to do so.
TX.
Somehow the woefully useless ICO persuaded the government that they should be able to levy a fee to support their ineffectual asses. You have the privilege of paying it. Don't expect to see anything in return.
Zio Di Roma said:
Somehow the woefully useless ICO persuaded the government that they should be able to levy a fee to support their ineffectual asses. You have the privilege of paying it. Don't expect to see anything in return.
Most businesses, if they have to pay won't pay more than £60. Big companies get stung for £2,900.
In what way do you think the ICO are useless?
I have no problem with the ICO. But one of THEIR problems is that they weren't given ENOUGH powers when originally set up. They have been around since the 1980s (when the first Data Protection Act was passed).
Also, they have no jurisdiction outside the UK and many serious data breaches are perpetrated by overseas businesses.
They have significant fining powers these days and some large organisations have been given very large fines for being sloppy with their customer data.
Ronstein said:
GDPR UK is an absolute minefield now. Even for an organisation that has no retail customer exposure, it's hugely costly in terms of resource time to set up and manage policies, data audits, controller process agreements etc, etc without them charging a fee on top. Unfortunately, the modern business world is compliance gone mad 
Wasn't GDPR an EU initiative? All it means at pond level is that you have to 'accept' cookies and data storing to use a website - so rather pointless. And at huge cost to industry of course. I'm with RicksAlfas.
And on the website theme, it's usually easier to find the 'modern slavery' statement than what you actually want to know.
GDPR is broadly similar to the previous Data Protection Act. I.e. if you're not compliant now, then you probably weren't compliant before either. Yes there are new bits that get the headlines, but the core concepts around how you process data are the same.
Care should be taken to not confuse needing to pay a fee to the ICO, and needing to be compliant with the regulations. You can be exempt from the fee but you'll still be down a hundred grand if someone finds a bin bag full of your customers' personal data.