While Companies House makes moves to increase transparency about
beneficial ownership of companies, it is also considering
deleting vast amounts of public records concerning dissolved
At present, details of dissolved companies are retained by
Companies House – and remain available to the public –
for 20 years. In response to an increasing number of
"right to be forgotten" requests made to
Companies House following the decision in Google Spain, it has
proposed reducing this period to six years. The Data Protection Act
does not specify how long information should be kept for, just that
information "shall not be kept for longer than is
It is not particularly difficult to set up a company in the UK
and there are a number of criticisms of the level of checks which
are done before someone becomes a director. Companies House
contains a significant amount of information about companies, their
activities and their directors including addresses, nationalities,
shareholdings, positions at other companies, charges and company
accounts. It is not hard to see why there are arguments in favour
of deletion and in favour of keeping the status quo.
Those in favour of a reduction say that Companies House holding
on to this information longer than six years is personally damaging
and in breach of data protection laws. They may, for example, argue
that being associated with a company which went bust a decade ago
is impacting on their current business activities.
Those against a reduction are more wide-ranging and more vocal.
Banks, lawyers, credit agencies and businesses routinely use this
information to conduct due diligence. The police and law
enforcement agencies frequently use this information in complex,
long-running investigations which will often span several years of
individual or corporate activity. Investigative journalists will
also use this information.
One of their arguments is that people who want this information
deleted more quickly may in fact have something to hide, and there
are examples of individuals who have been exposed by historic
information about dissolved UK companies which would not be
available today if Companies House's proposal was already in
They also argue that companies can be set up quickly, used to
facilitate a crime and then dissolved quickly. If this is part of a
larger web of fraud, money laundering, corruption or other economic
crimes, then deleting the information after six years could mean
criminals getting away with it, as vital evidence would be
It remains to be seen what Companies House will ultimately do
and the debate about how the balance between personal rights and
global transparency should be resolved will rumble on. While we at
Schillings would argue that it's
not a case of transparency OR privacy, what is clear is that
individuals, whether directors, shareholders or both, need to
remain alert to changes in the law and corporate reporting
obligations and how this may impact their privacy.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).