GDPR came into force just over a year ago on 25 May 2018. Individuals are now more aware than ever of their data protection rights.
There have also been calls to reform our powers to increase the transparency of UK corporate entities and help combat economic crime.
Protecting your personal data is important to us. One of the things we’re aiming to do as part of the corporate transparency and register reform consultation is to strike the right balance between transparent company information and protecting personal data.
We’re required by law to publish information relating to companies, and individuals involved in those companies. It’s important that you understand what happens to that information when it’s filed with us.
It’s right that those looking to do business with companies have access to up-to-date company information as a trade-off for the limited liability status of those companies. It’s also right that those individuals involved in companies are not exposed to potential harm, identity theft or fraud because their personal information is made available to the public.
Currently we only have the power to suppress information from being available to the public in limited circumstances. We’re aware of concerns over the publication of personal data such as full dates of birth, signatures, and residential addresses which have been used as a company’s registered office address.
The consultation is seeking views on a series of reforms to our powers. Protecting personal information on the register is a key area. It specifically asks whether directors should be able to apply to suppress the ‘day’ element of their date of birth, information about a historic registered office where this is their residential address, and signatures.
The consultation is also proposing that we collect more information on companies and individuals. This includes verifying the identity of directors and persons with significant control. As a result, the private information we hold will increase and will be kept securely with appropriate technical and organisational measures. This additional information will only be accessible to law enforcement agencies and similar bodies in line with data protection requirements, and where appropriate information-sharing gateways are in place.
We’re also asking for your views on removing limitations in our powers to use residential addresses which we keep privately. There are instances where we’d need to disclose residential addresses to help transform our services to meet the future needs of the register. For example, to contractors engaged in providing core services on our behalf or to make more use of cloud-based services. As the data controller, we take the management of this data very seriously and appropriate security measures would be put in place. Any third-party data processors would be subject to data protection requirements and contracts which means residential addresses will continue to get the protection they need.
You have until 5 August to have your say on the consultation. We’re really looking forward to hearing your views.