ERPNext - Do I need to pay the ICO fee?

So you've seen wording like the following:

" the requirement to pay an annual data protection fee "

" require every business that processes personal information to pay a data protection fee to the ICO "

" Most companies need to pay £40 to £60 a year ... if you do not you could be fined up to £4000 "

Scary right?

It sounds like a scam, but this is the actual wording of the Information Commissioner's Office letter below.

If I were cynical I'd say:

I see where the word commission comes in!

Then you check up on websites to find out if holding someone's name and email address is deemed personal information ... and it is!

Given the above you would be forgiven for reaching for your credit card and begrudgingly asking: ... where do I pay?

In reality, most businesses are exempt. Here are the important exemptions (or out of scope situations) which strangely the ICO and many other websites do not publish or hide away:

1. Businesses that only process personal information for normal business operations:
2. Staff administration (including payroll);
3. Accounts or records (i.e. invoices and payments);
4. Advertising, marketing and public relations (in connection with your own business activity).
5. Personal or household activities – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the UK GDPR’s scope;
6. CCTV covering your own private property. If image capture extends beyond your boundary, you should have a sign.

In this case the first exemption is the most important. The ICO hide it away to the last question of their self-assessment, which I encourage you to do for your own peace of mind.

The self-assessment questionnaire.

To register your business for exemption: ico.org.uk/no-fee.