GDPR and Experian

50Twuncle

I cancelled an account with Experian - on account of no longer needing it and being concerned about data breaches (they were hacked at least 2 times in the last 4 years)

This took 3 emails - they didn't even respond to the first two !!
I discovered that, despite my cancelling my account - Experian "hold on" to my personal data for 6 years

This, surely must break GDPR rules ?

[Deleted User]

It surely doesn't, if they identified legitimate reasons for it.

[Deleted User]

Pretty sure it was Equifax that was hacked, not Experian

50Twuncle

!!! wrote: »

Pretty sure it was Equifax that was hacked, not Experian

https://www.theguardian.com/business/2015/oct/01/experian-hack-t-mobile-credit-checks-personal-information
and
https://krebsonsecurity.com/tag/experian-breach/

50Twuncle

Deleted_User wrote: »

It surely doesn't, if they identified legitimate reasons for it.

So - according to you - any company can do what it likes with our personal data - as long as they can identify a reason for doing it
That is exactly what GDPR is supposed to protect us from....
Unscrupulous companies

[Deleted User]

50Twuncle wrote: »

So - according to you - any company can do what it likes with our personal data - as long as they can identify a reason for doing it
That is exactly what GDPR is supposed to protect us from....
Unscrupulous companies

So - according to me - no.

Did the word 'legitimate' not appear on your device of choice?

[Deleted User]

Financial Information has a "right" to be kept

Which is the data that Experian and other CRA's will hold on you

PRAISETHESUN

Information from your credit files is held by the three CRAs for 6 years, and can be viewed by any lender when you make a credit application. Deleting the account that you use to access your personal information does not delete the information itself. Having the information available is required for the lenders to be able to make informed decisions about lending - otherwise I could default on all my debts, request my "right to be forgotten" under GDPR, then go and rack up more debt since the information is no longer available. I assume this is protected under the GDPR rules themselves as a "legitimate" purpose, as others have highlighted.

I agree that I find it slightly disconcerting that the information is held for so long and could be hacked/breached at any time, but unfortunately there isn't much we can do about it unless you want to only use cash and never use a credit product again (so there is nothing to report to your files anymore).

Shakin_Steve

50Twuncle wrote: »

This took 3 emails - they didn't even respond to the first two !!

When I closed my account I just went into the payment details on the site and cancelled from there. Instant message to tell me how long I still had access for. No dramas.
Of course they keep your financial information for six years, that's the whole point of their existence.

Shakin_Steve

Just to make you feel better, insurance companies keep details of any claims you make for at least five years, DVLA keep a record of any driving offences for at least eleven years, and those pesky policemen can keep a record on you for ever. Bummer.

jimbo26

OP read this https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/lawfulness-fairness-and-transparency/

If after reading this you still think Experian are breaching data protection laws you can complain to the Information Commissioner.