We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
credit blacklists and GDPR
Brooker_Dave
Posts: 5,196 Forumite
Now that ordinary people are able to control their own data, and have the right to be forgotten - they can force the blacklists to delete it - will blacklists who ignore the law be open to the next ppi style claims bonanza?
"For example today, financial institutions share data with Credit Reference agencies and this is embedded into most contracts. The ICO guidance suggests this can continue under the exemptions. However, I suspect this is far too simplistic an approach. Why, because the amount of data being shared with Credit Reference Agencies is far higher today, than it was a few years back and if you look at the data being shared, many observers are saying much of the data is used for targeting of products and actually probably has little impact on someone's ability to get credit.
"Likewise, Credit Reference Agencies today simply trust their customers that the customer's have obtained consent to see a person's data, but from personal experience this is often not true. I have frequently found my credit reference file being accessed in error - in fact one (very large UK) organisation I approached admitted to accessing my file in error, but was unable to stop the access and could not confirm what data has been accessed or what had happened to the data it had obtained."
"Under GDPR, all data processors including credit reference agencies are now liable to both report on breaches (access without consent) pay compensation and fines for any resulting breaches. After GDPR takes effect, my expectation is that over the coming months and years, we will see individuals winning claims through the courts across the EU, which will dramatically change how organisations deal with personal data."
"In summary, it is time to start explicly gaining consent from your customers and updating your processes so that a service can be varied depending on how much data data a person allows you to process. It will no longer be all or nothing."
"For example today, financial institutions share data with Credit Reference agencies and this is embedded into most contracts. The ICO guidance suggests this can continue under the exemptions. However, I suspect this is far too simplistic an approach. Why, because the amount of data being shared with Credit Reference Agencies is far higher today, than it was a few years back and if you look at the data being shared, many observers are saying much of the data is used for targeting of products and actually probably has little impact on someone's ability to get credit.
"Likewise, Credit Reference Agencies today simply trust their customers that the customer's have obtained consent to see a person's data, but from personal experience this is often not true. I have frequently found my credit reference file being accessed in error - in fact one (very large UK) organisation I approached admitted to accessing my file in error, but was unable to stop the access and could not confirm what data has been accessed or what had happened to the data it had obtained."
"Under GDPR, all data processors including credit reference agencies are now liable to both report on breaches (access without consent) pay compensation and fines for any resulting breaches. After GDPR takes effect, my expectation is that over the coming months and years, we will see individuals winning claims through the courts across the EU, which will dramatically change how organisations deal with personal data."
"In summary, it is time to start explicly gaining consent from your customers and updating your processes so that a service can be varied depending on how much data data a person allows you to process. It will no longer be all or nothing."
"Love you Dave Brooker! x"
"i sent a letter headded sales of god act 1979"
"i sent a letter headded sales of god act 1979"
0
Comments
-
There aren't any credit blacklists to remove you from0
-
If a commercial organisation doesn't want to lend money to you because you didn't pay it back the last time, GDPR will not change that at all.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards