https://companieshouse.blog.gov.uk/2019/06/27/protecting-your-personal-information/

Protecting your personal information

GDPR came into force just over a year ago on 25 May 2018. Individuals are now more aware than ever of their data protection rights.  

There have also been calls to reform our powers to increase the transparency of UK corporate entities and help combat economic crime. 

Protecting your personal data is important to us. One of the things we’re aiming to do as part of the corporate transparency and register reform consultation is to strike the right balance between transparent company information and protecting personal data.

We’re required by law to publish information relating to companies, and individuals involved in those companies. It’s important that you understand what happens to that information when it’s filed with us.

It’s right that those looking to do business with companies have access to up-to-date company information as a trade-off for the limited liability status of those companies. It’s also right that those individuals involved in companies are not exposed to potential harm, identity theft or fraud because their personal information is made available to the public.

Currently we only have the power to suppress information from being available to the public in limited circumstances. We’re aware of concerns over the publication of personal data such as full dates of birth, signatures, and residential addresses which have been used as a company’s registered office address.

The consultation is seeking views on a series of reforms to our powers. Protecting personal information on the register is a key area. It specifically asks whether directors should be able to apply to suppress the day element of their date of birth, information about a historic registered office where this is their residential address, and signatures.

The consultation is also proposing that we collect more information on companies and individuals. This includes verifying the identity of directors and persons with significant control. As a result, the private information we hold will increase and will be kept securely with appropriate technical and organisational measures. This additional information will only be accessible to law enforcement agencies and similar bodies in line with data protection requirements, and where appropriate information-sharing gateways are in place.

We’re also asking for your views on removing limitations in our powers to use residential addresses which we keep privately. There are instances where we’d need to disclose residential addresses to help transform our services to meet the future needs of the register. For example, to contractors engaged in providing core services on our behalf or to make more use of cloud-based services. As the data controller, we take the management of this data very seriously and appropriate security measures would be put in place. Any third-party data processors would be subject to data protection requirements and contracts which means residential addresses will continue to get the protection they need.

You have until 5 August to have your say on the consultation. We’re really looking forward to hearing your views. 

Sharing and comments

18 comments

  1. Comment by Val Robertson posted on

    In my experience Companies House interprets the rules in a manner which creates unnecessary exposure for fraud, especially identity theft. For example there is NOTHING in the rules which prevents Companies House from redacting signatures before publishing documents - in the same way that local planning authorities do. It is obvious common sense to redact signatures and yet Companies House argue that they cannot redact signatures because signatures are not specifically included in the list of items which should be redacted. Maybe this is because it was assumed that redacting signatures is so obviously necessary for the protection of the signatory that it didn't need to be specified?

    This is just one example where Companies House interpret the rules in an illogical manner which creates unnecessary risk of fraud and identity theft for directors - and even appeals to the ICO just result in the response that Companies House have the power to interpret the rules as you see fit. So in my view Companies House already has way too much power, which I believe it abuses - and the proposal to increase this power worries me, as you do not apply logic or common sense in exercising your existing powers. So God help us if you are given even greater power!

    • Replies to Val Robertson>

      Comment by Jonathan Moyle posted on

      Thanks for your comment.

      Under the current law, we do not have the power to remove this information. The GDPR rights do not apply as we’re legally obliged to make this information available to the public.

      The proposals address concerns about the publication of personal data, such as dates of birth and signatures. If you haven't already, please fill in the consultation to make sure your views are considered: https://www.gov.uk/government/consultations/corporate-transparency-and-register-reform

      • Replies to Jonathan Moyle>

        Comment by Valerie Robertson posted on

        This is nonsense. There is nothing requiring you to publish signatures and nothing preventing you from redacting signatures from the documents which you ARE required to publish. It is akin to local authorities who are required to publish documents such as planning applications, but who have the common sense to redact signatures.

        When I complained about the publication of signatures, Companies House replied that the legislation specified that certain information (such as e-mail addresses) must be redacted, but signatures were not listed. Perhaps this is because the redaction of signatures is such obvious common sense that a specific instruction was considered unnecessary?

        I repeat there is NOTHING which prohibits Companies House from redacting signatures and I believe that you DO have the power to do this - indeed I would say that you have an obligation to apply such common sense in the same manner as other organisations, such as Local Authorities.

  2. Comment by Syed Baqar Abbas Zaidi posted on

    My personal details must be hidden like directors DoB, home address and signatures.

    Syed

  3. Comment by Mr Steve Newland posted on

    The information now available on the Companies House website is in conflict with the requirements of GDPR.

    I have previously objected to my personal information, including address, DoB and signature being readily available to fraudsters. I am also currently having problems with my identity having been stolen, using information sourced from the website.

    All signatures should at least be urgently redacted and DoBs removed, not just from new information submitted, but also that historically held and available to view.

    • Replies to Mr Steve Newland>

      Comment by Jonathan Moyle posted on

      Thanks for your comment.

      Under the current law, we do not have the power to remove this information. The GDPR rights do not apply as we’re legally obliged to make this information available to the public.

      The proposals address concerns about the publication of personal data, such as dates of birth and signatures. If you haven't already, please fill in the consultation to make sure your views are considered: https://www.gov.uk/government/consultations/corporate-transparency-and-register-reform

  4. Comment by Nigel Warn posted on

    I agree that date of birth should not be published and also private addresses.
    Nigel Warn

  5. Comment by Ze posted on

    DOB and private address should not be accessed.

  6. Comment by Mrs Fok posted on

    I also am concerned that my address is fully available, however recently I was able to see that a company has used my address to register their company!

    I think date of birth should be removed.

  7. Comment by Sami Sheikh posted on

    I agree. We should not be sharing date of birth, signature, personal home address with anyone. This opens doors to fraud, identity theft. If this happens, the data service provider has the accountability and responsibility to ensure this does not happen.

    If personal data is to be shared, the data service provider must seek approval and clearly state the reason and where data is to be used, will it be forwarded to others etc., and must provide requester details.

    Time has changed, data is a key asset and is easy to access.

  8. Comment by Joanne Forster posted on

    DOB, private addresses and in particular signatures should NOT be accessible for anyone to see. In this day and age with fraudsters and ID theft etc., this should not be allowed. Come on Companies House - Get these removed immediately!!

    • Replies to Joanne Forster>

      Comment by Jonathan Moyle posted on

      Thanks for your comment.

      Under the current law, we do not have the power to remove this information. The GDPR rights do not apply as we’re legally obliged to make this information available to the public.

      The proposals address concerns about the publication of personal data, such as dates of birth and signatures. If you haven't already, please fill in the consultation to make sure your views are considered: https://www.gov.uk/government/consultations/corporate-transparency-and-register-reform

  9. Comment by Joanne Forster posted on

    Being legally obliged to make information available to the public SHOULD NOT include a person's signature and I would have thought that GDPR would cover this. A signature has absolutely no relevance to the information being shown on any of the documents. The fraudsters must be having a field day with the amount of personal information that is currently widely available.