We only registedred with ICO because it was a requirement for a listing with NRLA. Now they give us a window to renew, threaten with fine if we don’t and demand explanation if we decide not to. Do we owe it to them? Where do we legally stand?
Relevant sections from the letter are quoted below. Questionable statements are in bold. Thanks in advance for your help.
…
Dear xxxxxxxxxxxxxxxxxxx
Data protection fee renewal - ACTION REQUIRED BY 28/07/2024
Organisations that process personal data are subject to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Under the Data Protection (Charges and Information) Regulations 2018 (the Regulations) they must also pay an annual data protection fee, unless they are exempt.
Your payment and registration as a data controller under the Regulations will expire on 28/07/2024. You must now either:
renew your registration, taking the tier assessment to confirm the fee you need to pay (see ico.org.uk/fee-self-assessment), or
cancel your registration if your circumstances have changed, telling us why you no longer need to be registered.
Based on your last assessment you are now required to pay £40.00
Failure to pay on time If you don’t pay the (correct) fee, you could be fined up to £4,350. We will begin this process 21 days after your registration expires if we don’t hear from you first. We publish details of the fines we issue on our website.
The fact there is no assessment of any kind to measure the level of competency or awareness of the registrant says it all.
Here is an except from the ICO website
“Paying the fee and being listed on the ICO’s register of fee payers shows that your company take data protection seriously. It is a strong message for your customers – it lets them know that you value and care about their information. It also lets other organisations know that you run a tight ship.”
This is basically absolute tosh. It does not demonstrate in anyway that they know how to handle sensitive and personal data safely. I would argue that most landlords probably don’t have any real clue and regularly put peoples data at risk.
In my work I see first hand how many estate agents handle customers personal details, its often a complete and utter joke.
Totally agree. We have deregistered. We had four T since then, and none of them was impressed or glad that we’re registered. One actually laughed: “Oh, you’re hot on privacy, aren’t you?” Just makes you feel stupid.
never had an applicant bat an eyelid at signing the data protection form.
I tell you what is stupid though: paying £40 to be registered and not knowing what to do with data. I mean, if you’re going to pay the fee, you might as well take it seriously and do your due diligence. From that perspective, I can see why the ICO might assume people who decide to pay them money might also bother to become informed. But, hey, fools and their money are easily parted…
I think you’ll find that the fee we all pay, funds the ICO’s work, and enables them to enforce & investigate when data breaches occur. I would argue its important work. If they were not funded & able to do their work, your own personal data held by all the organisations that you choose to deal with would be at great risk if those organisations did not have to take data protection seriously.
So not interested in further discussion. Will just add that my personal data is being sold to all sorts. That’s how all the scammers and salesmen end up knowing your phone numbers and start cold-calling you. And I have no idea which ones of many organizations are selling this data. Talk about taking data protection seriously.
What I found ironic is that registering ICO means the landlord’s information are all in the public domain, anyone can see your name and address. How about GDPR for us? I don’t want to give the consent but is forced to.
Any tenant has a right to know the LL’s name and an address for service. That address doesn’t have to be your home address, but you do have to provide an address. Therefore, I can’t really see what the issue is with your claim about ICO registration making your details public.
Could you please provide us with your source for your claim @Jasmine_flat ? Thanks.
OK so I just went online. Put my name in and it came up with my home address… How do I known that this was going to go out to the whole world to see I would never ever have given them my home address. I have a registered address that I would’ve used. I’m absolutely shocked. I don’t have any issues supporting the ICO But this is pretty outrageous
Deregister keep all records manually as AST‘s prints, any searches that you do. Anything that comes in digitally print and delete you are now compliant as you are not storing anything digitally
Youd have to keep everything on paper and not organise it into a file if you want to de-register. In practice its next to impossible to do as youd have to refuse to accept emails and text messages from either the tenant or Openrent. You wouldnt be able to use referencing companies etc. Your name and address should be on the tenancy agreement anyway and if its not, the tenants have a legal right to demand it.
