Letter from ICO data protection

SalonGeek

Help Support SalonGeek:

NailsXpress

Well-Known Member
Joined
May 11, 2008
Messages
1,616
Reaction score
41
Location
Urmston, Manchester
Has anyone had a letter from ICO regarding data protection and asking for a fee from you?
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
No but I dealt with it when it first came out and was excempt as I don't hold electronic records. I've just bounced through the self assessment questionnaire to see if I would need to pay now if I held data electronically and answering the questions it seems I would still be exempt as I only hold the information for my business purposes not to process for anyone else.

Use the questionnaire on here, it's pretty easy:-

 

NailsXpress

Well-Known Member
Joined
May 11, 2008
Messages
1,616
Reaction score
41
Location
Urmston, Manchester
I don’t hold any on a computer. In fact I don’t have one. People just call me for appointments. I don’t need their addresses. I don’t send emails or mass texts out either. So I’m guessing I’m exempt.
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
I don’t hold any on a computer. In fact I don’t have one. People just call me for appointments. I don’t need their addresses. I don’t send emails or mass texts out either. So I’m guessing I’m exempt.
Yes, I think its 3 questions in and you'd be extempt
 

NailsXpress

Well-Known Member
Joined
May 11, 2008
Messages
1,616
Reaction score
41
Location
Urmston, Manchester
Yes I’ve just looked. Done it. Exempt. Thank you for your help.
 

Charlie276

Well-Known Member
Joined
Dec 18, 2019
Messages
52
Reaction score
27
Location
West Sussex
I just went through the questionnaire and correct me if I’m wrong but it if you keep personal information as long as it’s purely for invoicing/records/advertising to clients then you are exempt. That was my understanding, hope that’s right.
 

Mariejwic

Active Member
Joined
Jun 6, 2020
Messages
38
Reaction score
61
Location
Kirk Ella
I've just checked and I'm not sure as my records are kept on cards but I do have clients email addresses but only send emails about once per month and it's only something I've started doing whilst we've been off because I can't see them. Doubt I'll continue once we go back to work so would you say I'd need to pay?
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
I've just checked and I'm not sure as my records are kept on cards but I do have clients email addresses but only send emails about once per month and it's only something I've started doing whilst we've been off because I can't see them. Doubt I'll continue once we go back to work so would you say I'd need to pay?
No, you not processing the data for someone else
 

Mariejwic

Active Member
Joined
Jun 6, 2020
Messages
38
Reaction score
61
Location
Kirk Ella

Chinju

Well-Known Member
Joined
Apr 13, 2019
Messages
109
Reaction score
30
Location
Sutton
No but I dealt with it when it first came out and was excempt as I don't hold electronic records. I've just bounced through the self assessment questionnaire to see if I would need to pay now if I held data electronically and answering the questions it seems I would still be exempt as I only hold the information for my business purposes not to process for anyone else.

Use the questionnaire on here, it's pretty easy:-

Hi
I received the ICO letter this morning. Is this something new ? I went on their website to check if my company is exempt. Unfortunately I am not as I have CCTV cameras. So if you have computer records and CCTV then you have to pay. I will call them on Monday to find out a bit mire about it. Just hope it’s not a scam 😃
 

BannerPenguin

Well-Known Member
Joined
Mar 3, 2013
Messages
2,961
Reaction score
1,117
Location
www.bannerpenguin.co.uk
Hi
I received the ICO letter this morning. Is this something new ? I went on their website to check if my company is exempt. Unfortunately I am not as I have CCTV cameras. So if you have computer records and CCTV then you have to pay. I will call them on Monday to find out a bit mire about it. Just hope it’s not a scam 😃
It’s been in force for years but a lot of people don’t pay when they should. I think it’s only like £30-50/yr from memory
 

Chinju

Well-Known Member
Joined
Apr 13, 2019
Messages
109
Reaction score
30
Location
Sutton
Thank you for you reply. My salon is very new and I wasn’t aware of it until I got the letter from ICO. I will pay on Monday as I now know it’s not a scam.
 

essentia

Well-Known Member
Joined
Jan 21, 2008
Messages
1,393
Reaction score
112
Location
Basingstoke
I did a course recently where the ICO and also GDPR was a topic. If you store email addresses and phone numbers of your clients on your mobile that is an electronic device and should be registered with the ICO as your clients can be identified through the data held. With GDPR everyone is likely collecting customer data as it is an insurance condition and although it may be paper based you still have to tell clients what you do with their data even if you are exempt with the ICO. So it is worth checking these things as a whole.
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
I did a course recently where the ICO and also GDPR was a topic. If you store email addresses and phone numbers of your clients on your mobile that is an electronic device and should be registered with the ICO as your clients can be identified through the data held. With GDPR everyone is likely collecting customer data as it is an insurance condition and although it may be paper based you still have to tell clients what you do with their data even if you are exempt with the ICO. So it is worth checking these things as a whole.
No necessarily, depending on the questions and how you answer. This last question:-

6. Are you a not-for-profit organisation that qualifies for an exemption?
Answer ‘Yes’ if your organisation was established for not-for-profit making purposes and does not make a profit. Also answer ‘yes’ if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must:
  • only process information necessary to establish or maintain membership or support
  • only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;
  • you only hold information about individuals whose data you need to process for this exempt purpose
  • the personal data you process is restricted to personal information that is necessary for this exempt purpose
This is answered as a yes for me, my organisation only makes a profit for itself, and I only process information to maintain support (ie. book appointments/aftercare) therefore exempt.

You are under no requirement to pay a fee

Some not-for-profit organisations are exempt and based on the information you have provided you do not have to pay a data protection fee to the ICO.
However, it is important that your organisation adheres to the principles of the General Data Protection Regulations and understands best practice for managing information. To help ensure you are complying with the GDPR, we have produced a range of training materials including practical toolkits, training videos and more.
Even if you are exempt, you may still wish to
pay a data protection fee.
https://ico.org.uk/for-organisations/data-protection-fee/


I do however, have to follow the Data Protection regulations and GDPR stuff

It's trickily worded and you answer 'yes' when it feels like it should be 'no' responses. I think they should spend some time with the Plain English Society 🤪
 

BannerPenguin

Well-Known Member
Joined
Mar 3, 2013
Messages
2,961
Reaction score
1,117
Location
www.bannerpenguin.co.uk
No necessarily, depending on the questions and how you answer. This last question:-



This is answered as a yes for me, my organisation only makes a profit for itself, and I only process information to maintain support (ie. book appointments/aftercare) therefore exempt.

Data protection fee


I do however, have to follow the Data Protection regulations and GDPR stuff

It's trickily worded and you answer 'yes' when it feels like it should be 'no' responses. I think they should spend some time with the Plain English Society 🤪
Can I ask how your business makes a profit for itself and doesn't enrich you? Do you not take a salary? I agree the wording is abysmal with these things.

I think most people will need to register as as soon as you want to do marketing, you have to pay :)
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
Can I ask how your business makes a profit for itself and doesn't enrich you? Do you not take a salary? I agree the wording is abysmal with these things.

I think most people will need to register as as soon as you want to do marketing, you have to pay :)
It enriches me but not 'others' - the statement says 'profit is not used to enrich others' - ain't nobody profiting from me....hell not even me sometimes 🤪😆
 
Last edited:

essentia

Well-Known Member
Joined
Jan 21, 2008
Messages
1,393
Reaction score
112
Location
Basingstoke
Most therapists will store clients personal details at some point so it is better to be covered and I should also imagine most people on here will be trying to make a profit!
 

BannerPenguin

Well-Known Member
Joined
Mar 3, 2013
Messages
2,961
Reaction score
1,117
Location
www.bannerpenguin.co.uk
It enriches me but not 'others' - the statement says 'profit is not used to enrich others' - ain't nobody profiting from me....hell not even me sometimes 🤪😆
I'm no legal expert but that's not how it reads to me. When it says not enrich others I think in legal terms of 'others' is outside the business entity itself. You are an 'other' as the business owner. The company enriches you. If the money stayed in the company as a non-profit then it doesn't enrich anyway.

"makes a profit for its own purposes" is the key there I think. It's not for its own purpose. It's for the purpose of paying you :)

These things are terribly written on purpose ha.
 

Trinity

Brush Slayer Geek
Premium Geek
Joined
Jun 24, 2003
Messages
6,034
Reaction score
3,974
Location
Brighton, East Sussex
I'm no legal expert but that's not how it reads to me. When it says not enrich others I think in legal terms of 'others' is outside the business entity itself. You are an 'other' as the business owner. The company enriches you. If the money stayed in the company as a non-profit then it doesn't enrich anyway.

"makes a profit for its own purposes" is the key there I think. It's not for its own purpose. It's for the purpose of paying you :)

These things are terribly written on purpose ha.
If I go back and answer No to question 6 (as above) then Question 7 gives a list of 34 reasons in answering 'None' to those, Question 8 checks that the information held is for 'Self Administration, Accounts or Records, advertising, marketing and public relations (in connection with your own business activity)' which they are so no requirement.

You are under no requirement to pay a fee
You are only processing personal data for the core business purposes. You therefore do not have to pay a fee to the ICO.
It's a fun game 🤪 😆
 

Charlie276

Well-Known Member
Joined
Dec 18, 2019
Messages
52
Reaction score
27
Location
West Sussex

This link may be useful, it says that most salons and barbershops don’t need to pay
 

Latest posts

Top