Just to be clear, some poor sod is going to end up getting a criminal conviction because someone at the company they work for but don't own fucked up. You get a so-so paid job at a mega corp and end up with a criminal record because some guy in an office you've never been to did something. That is nuts.

There are plenty of other positions in companies that come with similar personal criminal liability. They mostly only exist in finance industry, but the roles of CEO, CRO, MLRO etc in most financial institutions come with personal criminal liability.

The liability in these cases is usually tied to competence and knowledge. It’s illegal to be incompetent at your role, and it’s illegal to be ignorant of the activities of your company that fall within your roles responsibilities. The expectation is that individuals in this role will setup policy and monitoring frameworks to make sure that nobody is doing any stupid, that might result in them going to prison.

All of these requirements came into existence after the 2008 financial crisis, after it became apparent that senior leaders in financial institutions we’re keeping themselves deliberately ignorant of the misbehaviour of their companies, and creating a situation where nobody could be held responsible for the mess.

I’m not sure that age verification for website meets the bar needed for applying this approach here. But there are certainly places where it makes sense.

The law is changing so that the liability isn't limited to the company. That has all to do with the companies limited liability.

If you commit an act of murder as a company agent, limited liability isn’t going to protect you. This law is simply saying that failing in your legal responsibilities as a specific company officer is a criminal offence. Just like committing fraud as a company officer, or failing to produce accurate accounts will also expose you to personal criminal liability.

GDPR, Data Protection Act, etc all exist. These are all leveled againist the company.

> If you commit an act of murder as a company agent, limited liability isn’t going to protect you. This law is simply saying that failing in your legal responsibilities as a specific company officer is a criminal offence. Just like committing fraud as a company officer, or failing to produce accurate accounts will also expose you to personal criminal liability.

Comparing data protection with murder is silly. The law is simply stating if you breach data protection laws it's now a criminal matter againist a person instead of againist a company, Massive difference. Especially, if you registered a company to make sure you're not personally liable for data protect breaches.

And that's your mistake right here. A limited liability structure never protected you against wilfully breaking the law, or being criminally negligent, not when it came to murder, and not when it came to data protection. Just ask any engineer who signed off on a design that later turned out to be insufficient according to specification.

Data protection criminal charges used to be levied against random people within the company - and now they are focussed on the data protection officer (who criminally neglectfully abandoned their function if there is a breach).

If you are still confused about this concept, before you do more in the business structure world, it might be a good idea to talk to a lawyer and make them explain the difference to you.