GDPR comes into force on 25th May and is a modernised version of the Data Protection Act, helping to update legislation so that it now better reflects the ways that data is used, stored and shared.
Equifax argued that credit agency services cannot be maintained unless firms act now to direct customers to accurate information on how their data will be shared with and used by CRAs.
The nation’s big three credit agencies – Experian, Call Credit and Equifax – have produced an industry-wide credit reference agency information notice (CRAIN) which defines the standards the agencies will apply when processing borrower data.
Steve Martin, data protection officer at Equifax, said: “Businesses sharing data with a credit rating agency must use or signpost customers and prospects to CRAIN, to ensure they receive clear and consistent information about how their data is managed. For new customers, clear direction at the point of application is important; a link to access CRAIN at a later date is not acceptable.”
Martin added that borrowers should be provided with an offline route to access information about CRAIN, such as printed copies, while a clear, spelled out URL should be included as part of any telephone script to ensure borrowers can access the information at the point of application rather than at a later date.