UK ICO prosecutes pay-day loans company — and its director — for failure to notify

The UK Information Commissioner’s Office (ICO) has prosecuted a pay-day loans company and its director for failing to notify that its business was processing personal data in the UK.

This case serves as an important reminder for businesses — and, in particular, for start-ups — that failure to notify before processing personal data in the UK is a criminal offence and that the ICO is not shy in prosecuting and publicising offenders. It is also an important reminder of directors’ liability for data protection offences committed by their companies.

Under the Data Protection Act 1998 (DPA), all ‘data controllers’ are required to notify the ICO of their ‘personal data’ processing activities. Notification was formerly known as ‘registration’ and the two terms are often used interchangeably…

If you are registered and logged in to the site, click on the link below to read the rest of the Nabarro briefing. If not, please register or sign in with your details below.

Briefings from Nabarro

View more briefings from Nabarro

Analysis from The Lawyer

View more analysis from The Lawyer


Lacon House
84 Theobald's Road

Turnover (£m): 116.30
No. of Lawyers: 360