A guide on ICO data protection fees

Introduction

Data protection and data protection fees should not be taken for granted by landlords because they are important in order to avoid fines and make sure the data of tenants are kept up to date and safe.

New legislation has made this more strict in recent years because of the introduction of the internet and the government wanting to protect tenants’ data. So make sure you stay up to date with the topic.

What is a Data Protection Fee?

The Data Protection Act, which you can read in full on the government’s website here, states that organisations that process personal information have to pay a fee to the ICO (Information Commissioner’s Office). This is required by law because those who do not can face a fine of up to £4,000.

The fees are in place so that personal data can be protected by the ICO and they have enough money to enforce GDPR. The government also helps find the ICO too to make up for any deficits in funding.

As of 2019, there was a launch in legislation where the ICO tried to reach out to all companies in the UK to get them to pay their fee if they process data. Or they can register as exempt from the scheme.

The launch got companies to pay based on a tiered system with bigger companies having a larger charge and smaller companies paying less in a tiered system.

Is the Information Commissioner’s Office (ICO) important?

The ICO is the Information Commissioner’s Office and they are a registered body tasked with keeping the information of the public safe. They get funding from the government to enforce data protection in organisations throughout the UK.

This organisation has been open for over 15 years but the use of people’s personal data especially with the increase of people using the internet and social media has consistently needed more and more regulation over the years.

As a result, the company is certainly important. Not only do they just collect the fees, but they help spread awareness about the information companies should have when dealing with clients’ and customers’ data. Looking at the full legislation for the data protection act 2018 here helps you understand the extent to which a company should understand the law as the legislation is quite complicated

Visiting their website will provide you with a range of advice as well as templates to fill out to conduct a self-assessment for organisations processing data, exemptions and an extensive FAQ page that you can take a look at here.

How to pay a data protection fee

In order to pay for a deposit fee, you can pay online on the website of the ICO seen here. There are three ways to pay including a direct debit that is charged every year. If you use this option you will be able to receive a £5 discount. The other two ways to pay include credit (or debit) cards and cheques.

It is the company’s responsibility who is being charged to make sure the cheque is sent to the right place and there are the words “Information Commissioner’s Office” on the back of the cheque.

The fee for all organisations will have to be paid every 12 months. And will expire from the payment of the date of renewal, not from the date of payment.

In order to work out the exact ICO data protection fee you should be paying, you should check out the ICO website here.

Should you pay a data protection fee as a landlord?

Most of the time, a landlord has to pay the data protection fee. However, this is something that there are exemptions for so if you aren’t sure, double check as it may be the case a landlord doesn’t have to pay in the first place.

It is still the landlord who has the ultimate responsibility for paying this fee. It is just that sometimes they delegate the processing of information to a letting agent or property manager who will pay for the fee on their behalf.

How to work out if you are eligible to pay the data protection fee

When you become a landlord, most of the time this follows the need to follow the regulations that come along with protecting data. This is because collecting any form of tenant information is seen as personal information that requires you to pay the data protection fee.

It is pretty easy to see if you’re eligible by clicking here and looking at the government website. This will take you through a questionnaire on behalf of the organisation you are in.

Are there any exemptions for paying a data protection fee?

There are some exemptions that the Information Commissioner’s Office highlighted on its website. First of all, the organisation has a charitable status, the fee for these companies is never more than £40 per year depending on the size of the company. 

There are also a lot of exceptions depending on how you want to process data. Fees only have to be paid if you are controlling data rather than processing data for at least one of the following reasons:

• The administration of staff
• Public, marketing or advertising
• Recording the accounts you have
• For non-profit endeavours 
• For personal affairs
• To keep a public register everyone has access to 
• Judicial function
• Processing data without it being digital (like writing down the information on paper rather than using property management software)

In addition to this; if:

• The business operates with CCTV for crime prevention
• Your organisation isn’t responsible for how the information is processed

The final exemption is for those that are members of the House of Lords and are elected to be prospective representatives. You can go through a questionnaire designed by the ICO in order to confirm this here.

Do you have to pay a data protection fee if you use a letting agent?

No, the letting agent would have to pay for the data protection fee for the property instead of the landlord. This is because the data is transferred away from the landlord to the tenant. Any business that processes the data of members of the public such as tenants and those included in a tenancy agreement should have their data protected by paying a fee to the ICO.

This also includes property managers and those who may manage any part of a tenancy on behalf of a landlord. As long as you are able to prove the data protection fee is being paid by whoever is in charge of the data, this is all that needs to happen.

Penalties for non-compliance with data protection fees

As part of the policy laid out by the Information Commissioner’s Office, they will send out a reminder to all who are listed as needing to protect their clients’ and customers’ data under companies house.

After this notice that explains an organisation needs to pay, the organisation can either attempt to explain why they are exempt or pay it. If neither occurs or there is an attempt at being exempt but it is found to not be the case, the ICO will issue a fine of up to £4,350 which is 1.5 times the charge of the top tier fee in the first place.

How to make a data protection complaint

Any member of the public can contact the ICO if they have been receiving nuisance calls and messages or if they relieve unwanted electronic marketing through their mobile phone. They can visit the Information Commissioner’s Office here and find someone to contact

As well as this, if there is information online that you have asked a company to remove that contains personal data, the ICo can also be contacted for this matter

All these types of complaints should be taken up with the ICO on their dedicated complaints page here or if you would not like to complain but you would just like to express a concern which may not be personal, reach out to the relevant page here.

Because of this complaints procedure, it is easy to understand why there is a need for organisations who process data to pay fiend as these services couldn’t be funded otherwise.

In summary

In the context of properties, letting agents and property managers must pay data protection fees although there are certainly some that don’t wither legally with exemptions or illegally. 

Either way, it is not worth the risk, all landlords should go to the ICO website and take a quick self-assessment to see if they should be paying a fine or not as fines can get a lot more than what the ICO would charge you if someone took you to court privately.