The UK government confirmed that Brexit negotiations will not affect the implementation of GDPR, due to come into force on 25 May 2018.
The notice, which is available on each of the CRA’s websites, details how the three agencies use and share the personal data that they receive about consumers and businesses.
The information provided addresses GDPR requirements and will ensure credit data sharing can “can continue to support responsible lending, to help combat fraud and money-laundering and to support the fair and proportionate collection of debt,” said the CRAs.
Steve McNicholas, managing director of credit and marketing data at Callcredit, said: “CRAs are an integral part of the consumer lending process and wider information ecosystem. Helping people understand how their data is used and shared and how they can challenge its accuracy is an important issue.”
“We are in the age of the empowered consumer where we all recognise the importance and value of our own personal information,” McNicholas continued.
Consumer education
The CRAs said they worked closely with trade and industry bodies to develop the notice, which aims to assist the financial industry in delivering standardised, clear, and consistent information to consumers explaining how CRAs use and share personal information, the type of information held, where it comes from and the legal context of data processing.
“In a world of new opportunities, open banking and growing technological innovations, we believe people should have access to and then understand the information they are given on credit,” said Clinton Hook, head of data for consumer information services at Experian.
Indeed, with maximum corporate fines for breaching GDPR being the higher of either €20m or 4% of group turnover, clarity is crucial to compliance.
Hook continued: “Their credit histories should help them make informed decisions about their financial futures. We believe CRAIN will support greater transparency, consistency and clarity, and be of value to all UK lenders as they prepare for GDPR.”
Steve Martin, UK data protection officer at Equifax, added: “Data sharing between lenders and CRAs helps consumers access the right products, receive relevant communications and better manage their finances.”
He continued: “With over 500 lenders in the UK, this one standardised notice will support GDPR’s drive for enhanced transparency for consumers, providing clarity over the role of CRAs in the financial industry. Ultimately, ensuring all parties can continue to access and share data to make better informed financial decisions is good for consumers and lenders combined.”
