ICO Data Protection Fee

Hi everyone,
Being a small time landlord currently (2 properties) I received a letter from the ICO Information Commissioners Office today to demand my Ltd company needs to pay the ICO Data Protection fee (£40). Not even being aware of this department in my ignorance but after doing a little background checking what with the GDPR regulations etc it would seem correct but has anyone any advice, I’m curious if by using OpenRent to conduct pretty much every aspect of my tenancies would this negate the need to pay this fee as strictly speaking OpenRent use/control the data etc.
I’m guessing since it would seem even holding a tenants number in your phone classifies you as a data controller in their world so I’m guessing there’s no way out of this tax, yet another parasitic bureaucratic hand taking something for nothing.


I dont know enough about this but I have no chance of my tenants details getting into the public domain as I keep Nothing on a computer and all in my diary

This is rather straightforward in the aspects that if you have keep hold or communicate electronically whatsoever any tenants details then you need to be registered this has been set up to permanently separate to you from your cash.

There’s only a few people that will be able to avoid paying this GDPR as you talk about and Colin is probably one of those few people but for the rest of us we have to bend over and touch your feet then you have to cough out the cash or you will be sitting on a unnecessary risk timebomb Of one day something going wrong and it coming to the fore.

1 Like

Cheers Andrew8

Love the explanation ha ha, Since I was right on the deadline of paying before I even opened the letter because you know some of us have full time jobs working away from home as well as trying to be a landlord I decided I best pay then follow up the research but as you state its most likely we all have to pay. Even holding my tenants number on my phone etc constitutes GDPR/ICO regs.
Made me laugh that ICO will make public my details after registering which goes against my GDPR I guess but hey hoo if it earns then money its ok by them. As for what did I get for my money after paying up, a shed load of redirections to documents to download and read and comply with, yeah i’ll do that in the 2 hrs a week I aren’t paying taxes thanks.


We have objected to this charge and don’t intend to pay it so have applied for the exemption. Doing their questionnaire gives a 99.9% chance that you think you have to pay as it is heavily biased in their favour. Receiving tenants email and storing their mobile number on your phone is by itself not reason to pay up imho. I have emails and mobile numbers from loads of non-tenants too and that is not a problem. Currently awaiting the ICO’s response to our objection.

1 Like

Would be good to know if you received the exception, as i felt same as you and did not register?

I too will be interested to see their reply, I did some research and it would seem as you say very heavily biased in their favour, practically all businesses fall under this ICO fee as who doesn’t use electronic data storage of some form these days. Its ridiculous as such data is essential in the course of nearly all business dealings in 2020!!! Infuriating parasitic fees once again imposed on business.


I dont use electronic data storage of any form these days!!

I would argue that the ICO folk would claim even calling your tenant whilst their number might not be stored in your phone constitutes using electronic devices with personal data etc, they want your hard earned money anyway they can :frowning:

The new Data Protection Act 2018 (which incorporates GDPR) brings ALL data into scope regardless of whether or not it is stored digitally or not. You still need to comply with requirements (although you do not need to pay a fee). By the way receiving a reference by email strictly speaking means you ARE processing personal data using digital means.

Hi Ian18
Thanks for the input but you mention not having to pay a fee (presuming this meaning the ICO fee i first posted about), yet as you state we clearly are processing personal data so how can one not fall under the ICO fee?


I think I meant to say “although you may not need to pay a fee”

FYI - no response from the ICO as yet.


I would argue as i use openrent referencing, that they are the data processor and not me, if i dont store anywhere. Still interested to know how Wenant management got on

i just thought to add that if you receive any personal data via email or indeed any electronic means, even just receiving the credit check file via email for instance then you need to be a registered data controller (Legally)

May 10th - still no response from the ICO.

Dec 24th 2020 - still no response.

Thanks for keeping us informed

Just reading through this thread. My understanding is that the landlord is the data controller (you decide what information to collect, who from and when) and Openrent are the data processor in the relationship (they process that data that you have given them/asked them to collect - they will also be a data processor in their own right because they decide what information they collect from us as landlords)… Controllers and processors | ICO

So, I would say, if you are entering or collecting data via Openrent, you should be registered, because you decide what data is collected and what you do with it (eg you choose who to reference etc).

When I was using an agent for all of my properties, I didn’t register because the agent held all of the information about the tenants and decided what to do with it. But I am registered now.

I think, in the eyes of the law, if you are letting via Openrent, you probably should be registered.

I know it’s just an extra tax and none of us want to pay it, but…Penalties | ICO

1 Like

ICO have a checker on their website that returns the result that landlords don’t need to register if they dont receive electronic data about their clients, (although this can be as little as their name and number in your mobile phone). However, like many government departments and agencies, the advice is what they would like to be the case, not what the law says. Lawyers that have looked closely at the GDPR legislation have concluded that all landlords need to register if they receive ANY data. Electronic or paper. Most probably still won’t and like much legislation, it will only come back to bite them if there is a future data breach and a tenant takes action against them. Pointing to ICO advice that they didn’t need to register may not protect them.

1 Like