Please ensure Javascript is enabled for purposes of website accessibility


Big things are happening at Ogier. Change is embedded in everything we do. It is redefining our talent, our ways of working, our platforms of delivery, our culture.



We have the expertise to handle the most demanding transactions. Our commercial understanding and experience of working with leading financial institutions, professional advisers and regulatory bodies means we add real value to clients’ businesses.

View all services

Business Services Team

View all Business Services Team


Our sector approach relies on smart collaboration between teams who have a deep understanding of related businesses and industry dynamics. The specific combination of our highly informed experts helps our clients to see around corners.

View all sectors


Ogier provides practical advice on BVI, Cayman Islands, Guernsey, Irish, Jersey and Luxembourg law through our global network of offices across the Asian, Caribbean and European timezones. Ogier is the only firm to advise on this unique combination of laws.

News and insights

Keep up to date with industry insights, analysis and reviews. Find out about the work of our expert teams and subscribe to receive our newsletters straight to your inbox.

Fresh thinking, sharper opinion.

About us

We get straight to the point, managing complexity to get to the essentials. Our global network of offices covers every time zone. 

No Content Set

Director held personally liable for data protection breach


29 May 2024


1 min read

The recent Irish case of Nolan & others v Dildar & others [2024] IEHC 4, addressed the potential personal liability of a director of an Irish company for breaching data protection laws.

Background to the case

The case, which was decided under the Data Protection Acts of 1988 to 2003 - predating the General Data Protection Regulation (GDPR) - demonstrates the established principle that company directors may be held personally liable if they are the direct authors of a tort, even when acting under the guise of a company on whose board they sit. The court held that the contractual relationship in question was between the two companies involved, not the director personally, which indicates that establishing personal liability requires clear evidence of personal action beyond mere directorship.

Findings of the case

In this instance, one Mr Millett, a director, was found personally liable for the unauthorized disclosure of personal data, which constituted a tort under the then-applicable data protection law. The court established that Mr. Millett could not escape liability simply because his actions were conducted on company letterhead, as he was the human author of the correspondence that led to the breach.

Pre-GDPR, for compensation to be awarded under the applicable legislation, a data subject had to show that the breach caused actual damage. Under the GDPR, for a claim for damages to lie, three conditions must be satisfied, namely that GDPR was breached, material or non material damage had been suffered and there was a causal link between the breach and the damage.

Outcome of the verdict

This case demonstrates the importance of compliance with data protection laws, and ensuring that directors are well versed in them. The protective corporate veil may not extend to personal acts of wrongdoing, including breaches of data protection requirements. Directors of Irish companies need to be mindful of their personal actions and the potential for liability, particularly in the realm of data protection.

About Ogier

Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.


This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.

Regulatory information can be found under Legal Notice

No Content Set