ICO Data Protection Fee

bmouthboyo

Hi Everyone,
My wife who has started a small Ltd company business received this letter today:
Is it legitimate? It seems poorly written and does not use her name, just publicly available company house information. 
Thanks

J_B

Amusingly, when I questioned this here a while back ...

https://forums.moneysavingexpert.com/discussion/6094404/i-c-o/p1

someone commented ... <<How you have managed to be in business yet miss the rules over personal data handling is frankly amazing>>

It looks like I'm not the only 'ignorant' one!!

I sent the DD form off to them on 30/01/2020 and have today (05/03/2020) received confirmation - methinks that their recruitment drive is keeping them busy!!!

Savvy_Sue

Assuming it has the ICO's contact details on it somewhere, I'd have no doubts about it - those are the right weblinks, and you'd be typing them in rather than clicking on a potentially dodgy link. 

Having said that, the ICO isn't a limited company, so it's probably not required to meet these requirements, and it's obviously keen to do everything electronically. 

I'm not sure what you mean by poorly written - I see no spelling mistakes, and there are none of the infelicities I've come to expect from foreign bankers and the like. (Having said that, a charming Japanese gentlemen offered us the chance to defraud a bank the other day, in a properly typed letter rather than an email, and that was well worded, so who knows?)

Undervalued

If you are concerned all you need to do is contact the ICO directly. Do not use any information in the letter but get the details from another source.

oldbikebloke

Savvy_Sue said:

Assuming it has the ICO's contact details on it somewhere, I'd have no doubts about it - those are the right weblinks, 

correct. The ICO is indeed sending out these letters as part of a drive to extract money from "everybody" - we, along with others on this forum, have had many clients ask us the same question as the OP has posed - got a letter, what is it all about...
The answer is a resounding: Yes the ICO is "legit" and yes you must pay if you meet the data handling requirements.
 
Also, as already mentioned above, anyone in business who is unaware of data protection legislation should be ashamed of their lack of due diligence as it has been around for decades.

bmouthboyo

Thanks everyone. My wife's business doesn't process data as such and so we had assumed not needed. The only data she has really is client invoices which I think all companies must need to retain for a certain time. The reason we found it a bit suspicious is that there is no .gov address which we would have expected. 

tizerbelle

Your wife's business has client names and addresses and no doubt emails and phone numbers - that is all personal data.  She may even have sensitive personal data for example if she is asked to design an extension to accomodate a disabled relative moving in - she now has even more responsibilities to protect that data.  Processing data doesnt just mean doing something with the data, just storing it is classed as processing.  GDPR and Data Protection very much apply to her business.

Barney_Rubble_0403

http://ico.org.uk/for-organisations/data-protection-fee/
Have a rummage around the official site but the answer should be yes to an annual cost of £40. Don't know about the quality of the letter itself but they will write to businesses. 

Savvy_Sue

bmouthboyo said:

The reason we found it a bit suspicious is that there is no .gov address which we would have expected. 

Have to admit I was surprised to find they were .org.uk not .gov.uk but DH says they are a regulator not a government department. Even more surprised that they didn't have any kind of address on the letter.

If it had been an email, you'd have been well-advised NOT to click on the links but to type them in. Having typed them in, I'm convinced this is The Real ICO. 

martindow

Just to add, you can reduce the fee by £5 if you set up a direct debit, which also has the advantage that it won't lapse because you have forgotten to pay (as I did once ...)