A Cardiff-based green energy deal company, Becoming Green (UK) Ltd, has been prosecuted by the Information Commissioner’s Office after failing to notify the ICO that it handled customers’ personal data.
Appearing at Cardiff Magistrates Court, the director of the company, 39-year-old Mr Abdul Muhith of Cardiff Bay was also convicted for allowing the company to unlawfully process personal data without notifying with the ICO (section 61 of the Data Protection Act). He was fined a total of £270 and ordered to pay a victim surcharge of £27 and £300 prosecution costs. The company was also fined £270 and ordered to pay a victim surcharge of £27 and £300 prosecution costs.
The offence was uncovered when the company was being monitored following concerns about compliance. An ICO case worker noticed Mr Muhith had not registered the company with the ICO. As Becoming Green (UK) Ltd processed customers’ personal data this was a breach of the Data Protection Act.
Information Commissioner Christopher Graham said,
“Failure to notify is a criminal offence and it’s the data controllers’ responsibility. Mr Muhith failed to do so and now he is paying the price for his disregard for the law.”
Notification is a legal requirement for organisations processing personal data under the Data Protection Act. Most organisations will be required to pay an annual notification fee of £35 and provide details about the types of personal information they process.
Find out more about the notification process.
The ICO has produced an online self assessment tool to help businesses determine whether they need to notify.