WIREDGOV

A Cardiff-based green energy deal company, Becoming Green (UK) Ltd, has been prosecuted by the Information Commissioner’s Office after failing to notify the ICO that it handled customers’ personal data.

Appearing at Cardiff Magistrates Court, the director of the company, 39-year-old Mr Abdul Muhith of Cardiff Bay was also convicted for allowing the company to unlawfully process personal data without notifying with the ICO (section 61 of the Data Protection Act). He was fined a total of £270 and ordered to pay a victim surcharge of £27 and £300 prosecution costs. The company was also fined £270 and ordered to pay a victim surcharge of £27 and £300 prosecution costs.    

The offence was uncovered when the company was being monitored following concerns about compliance. An ICO case worker noticed Mr Muhith had not registered the company with the ICO. As Becoming Green (UK) Ltd processed customers’ personal data this was a breach of the Data Protection Act.

Information Commissioner Christopher Graham said,

“Failure to notify is a criminal offence and it’s the data controllers’ responsibility. Mr Muhith failed to do so and now he is paying the price for his disregard for the law.”

Notification is a legal requirement for organisations processing personal data under the Data Protection Act. Most organisations will be required to pay an annual notification fee of £35 and provide details about the types of personal information they process.

Find out more about the notification process.

The ICO has produced an online self assessment tool to help businesses determine whether they need to notify.
 
ENDS
If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.org.uk.

Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
 
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
• Fairly and lawfully processed
• Processed for limited purposes 
• Adequate, relevant and not excessive 
• Accurate and up to date 
• Not kept for longer than is necessary 
• Processed in line with your rights 
• Secure 
• Not transferred to other countries without adequate protection

4. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

5. For more information, please contact the ICO press office.