Yea, they can intercept the data and where it's going, and draw contextual clues from that. However, there is nothing whatsoever illegal about using a VPN (in free countries, anyhow). So they can do nothing to you for that offence alone. The trouble is that many VPN's are not quite as "no log" as you might think - they often just purchase server time from server farms, who would have full access to the data in their own logs. The company technically is not logging, but the output node is, and so if it's subject to jurisdiction could be used to nullify the benefits of a VPN.
Best practice is a no-log VPN in a country you are not subject to the jurisdiction of. Realistically at that point it's more effort than anyone can be bothered for to try and track you down.
The data if anything is the incriminating part, and they only get to know it came from you, and that it's going to a VPN server. The VPN server gets the actual stuff that would otherwise be incriminating, and sends it back - but when it's sent back, it's fully encrypted, so your ISP doesn't know what it is.
When I say context, I mean something like this:
I will admit I torrent unabashedly. My ISP cannot see what I am downloading, but they can see that data is coming from my IP, and going to a VPN server. Given that torrenting is somewhat unique in its fingerprint (packet sizes, upload bandwidth and download bandwidth required) they could almost certainly put two and two together based on the common properties of such a connection, but they can't actually prove anything. Just like in a random photograph - you can draw a fair amount of clues from it (for instance, if there's a person in the photo casting a long shadow, you can probably deduce it's early or late in the day. But in and of itself, that information isn't enough to do anything with)
The thing is that they have no proof, however, and nothing happens without proof. That's why it's critically important to make sure the nodes are not in your own country, because thankfully international search is pretty awkward on a warrant, and one would hope that a company would require that much at least.