Letter from ICO data protection

SalonGeek

Help Support SalonGeek:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

NailsXpress

Well-Known Member
Joined
May 11, 2008
Messages
1,619
Reaction score
41
Location
Urmston, Manchester
Has anyone had a letter from ICO regarding data protection and asking for a fee from you?
 
No but I dealt with it when it first came out and was excempt as I don't hold electronic records. I've just bounced through the self assessment questionnaire to see if I would need to pay now if I held data electronically and answering the questions it seems I would still be exempt as I only hold the information for my business purposes not to process for anyone else.

Use the questionnaire on here, it's pretty easy:-

https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
 
I don’t hold any on a computer. In fact I don’t have one. People just call me for appointments. I don’t need their addresses. I don’t send emails or mass texts out either. So I’m guessing I’m exempt.
 
I don’t hold any on a computer. In fact I don’t have one. People just call me for appointments. I don’t need their addresses. I don’t send emails or mass texts out either. So I’m guessing I’m exempt.

Yes, I think its 3 questions in and you'd be extempt
 
Yes I’ve just looked. Done it. Exempt. Thank you for your help.
 
I just went through the questionnaire and correct me if I’m wrong but it if you keep personal information as long as it’s purely for invoicing/records/advertising to clients then you are exempt. That was my understanding, hope that’s right.
 
I've just checked and I'm not sure as my records are kept on cards but I do have clients email addresses but only send emails about once per month and it's only something I've started doing whilst we've been off because I can't see them. Doubt I'll continue once we go back to work so would you say I'd need to pay?
 
I've just checked and I'm not sure as my records are kept on cards but I do have clients email addresses but only send emails about once per month and it's only something I've started doing whilst we've been off because I can't see them. Doubt I'll continue once we go back to work so would you say I'd need to pay?

No, you not processing the data for someone else
 
No but I dealt with it when it first came out and was excempt as I don't hold electronic records. I've just bounced through the self assessment questionnaire to see if I would need to pay now if I held data electronically and answering the questions it seems I would still be exempt as I only hold the information for my business purposes not to process for anyone else.

Use the questionnaire on here, it's pretty easy:-

https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
Hi
I received the ICO letter this morning. Is this something new ? I went on their website to check if my company is exempt. Unfortunately I am not as I have CCTV cameras. So if you have computer records and CCTV then you have to pay. I will call them on Monday to find out a bit mire about it. Just hope it’s not a scam 😃
 
Hi
I received the ICO letter this morning. Is this something new ? I went on their website to check if my company is exempt. Unfortunately I am not as I have CCTV cameras. So if you have computer records and CCTV then you have to pay. I will call them on Monday to find out a bit mire about it. Just hope it’s not a scam 😃
It’s been in force for years but a lot of people don’t pay when they should. I think it’s only like £30-50/yr from memory
 
Thank you for you reply. My salon is very new and I wasn’t aware of it until I got the letter from ICO. I will pay on Monday as I now know it’s not a scam.
 
I did a course recently where the ICO and also GDPR was a topic. If you store email addresses and phone numbers of your clients on your mobile that is an electronic device and should be registered with the ICO as your clients can be identified through the data held. With GDPR everyone is likely collecting customer data as it is an insurance condition and although it may be paper based you still have to tell clients what you do with their data even if you are exempt with the ICO. So it is worth checking these things as a whole.
 
I did a course recently where the ICO and also GDPR was a topic. If you store email addresses and phone numbers of your clients on your mobile that is an electronic device and should be registered with the ICO as your clients can be identified through the data held. With GDPR everyone is likely collecting customer data as it is an insurance condition and although it may be paper based you still have to tell clients what you do with their data even if you are exempt with the ICO. So it is worth checking these things as a whole.

No necessarily, depending on the questions and how you answer. This last question:-

6. Are you a not-for-profit organisation that qualifies for an exemption?
Answer ‘Yes’ if your organisation was established for not-for-profit making purposes and does not make a profit. Also answer ‘yes’ if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must:
  • only process information necessary to establish or maintain membership or support
  • only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;
  • you only hold information about individuals whose data you need to process for this exempt purpose
  • the personal data you process is restricted to personal information that is necessary for this exempt purpose

This is answered as a yes for me, my organisation only makes a profit for itself, and I only process information to maintain support (ie. book appointments/aftercare) therefore exempt.

You are under no requirement to pay a fee

Some not-for-profit organisations are exempt and based on the information you have provided you do not have to pay a data protection fee to the ICO.
However, it is important that your organisation adheres to the principles of the General Data Protection Regulations and understands best practice for managing information. To help ensure you are complying with the GDPR, we have produced a range of training materials including practical toolkits, training videos and more.
Even if you are exempt, you may still wish to
pay a data protection fee.
https://ico.org.uk/for-organisations/data-protection-fee/


I do however, have to follow the Data Protection regulations and GDPR stuff

It's trickily worded and you answer 'yes' when it feels like it should be 'no' responses. I think they should spend some time with the Plain English Society 🤪
 
No necessarily, depending on the questions and how you answer. This last question:-



This is answered as a yes for me, my organisation only makes a profit for itself, and I only process information to maintain support (ie. book appointments/aftercare) therefore exempt.

Data protection fee


I do however, have to follow the Data Protection regulations and GDPR stuff

It's trickily worded and you answer 'yes' when it feels like it should be 'no' responses. I think they should spend some time with the Plain English Society 🤪
Can I ask how your business makes a profit for itself and doesn't enrich you? Do you not take a salary? I agree the wording is abysmal with these things.

I think most people will need to register as as soon as you want to do marketing, you have to pay :)
 
Can I ask how your business makes a profit for itself and doesn't enrich you? Do you not take a salary? I agree the wording is abysmal with these things.

I think most people will need to register as as soon as you want to do marketing, you have to pay :)

It enriches me but not 'others' - the statement says 'profit is not used to enrich others' - ain't nobody profiting from me....hell not even me sometimes 🤪😆
 
Last edited:
Most therapists will store clients personal details at some point so it is better to be covered and I should also imagine most people on here will be trying to make a profit!
 
It enriches me but not 'others' - the statement says 'profit is not used to enrich others' - ain't nobody profiting from me....hell not even me sometimes 🤪😆
I'm no legal expert but that's not how it reads to me. When it says not enrich others I think in legal terms of 'others' is outside the business entity itself. You are an 'other' as the business owner. The company enriches you. If the money stayed in the company as a non-profit then it doesn't enrich anyway.

"makes a profit for its own purposes" is the key there I think. It's not for its own purpose. It's for the purpose of paying you :)

These things are terribly written on purpose ha.
 
I'm no legal expert but that's not how it reads to me. When it says not enrich others I think in legal terms of 'others' is outside the business entity itself. You are an 'other' as the business owner. The company enriches you. If the money stayed in the company as a non-profit then it doesn't enrich anyway.

"makes a profit for its own purposes" is the key there I think. It's not for its own purpose. It's for the purpose of paying you :)

These things are terribly written on purpose ha.

If I go back and answer No to question 6 (as above) then Question 7 gives a list of 34 reasons in answering 'None' to those, Question 8 checks that the information held is for 'Self Administration, Accounts or Records, advertising, marketing and public relations (in connection with your own business activity)' which they are so no requirement.

You are under no requirement to pay a fee
You are only processing personal data for the core business purposes. You therefore do not have to pay a fee to the ICO.

It's a fun game 🤪 😆
 

Latest posts

Back
Top