With 23 days until GDPR comes into force, credit reference agency Equifax is urging businesses to engage with their suppliers urgently. It says for any businesses using credit reference agency services – whether credit checking or identity verification, steps must be taken to ensure continuity of service.
Data protection officer at Equifax, Steve Martin, says any businesses that share credit data that haven’t yet engaged with their CRA must do so as a matter of urgency, as it’s essential that they direct customers and prospective customers to the right information on how their data will be shared with and used by CRAs.
“To maintain the public’s trust and facilitate the ongoing sharing of data, the industry must make sure privacy notices are compliant and consumer friendly,” Martin says. “Equifax has worked closely with other CRAs to launch an industry-wide Credit Reference Agency Information Notice (CRAIN) which provides standardised wording defining the standards that all three CRAs will apply when processing consumer data. CRAIN supports GDPR’s drive to enhance consumer rights and transparency over their data, providing clarity over the role of CRAs in the financial industry.
“Businesses sharing data with a CRA must use or signpost customers and prospects to CRAIN, to ensure they receive clear and consistent information about how their data is managed. For new customers, clear direction at the point of application is important; a link to access CRAIN at a later date is not acceptable.
GDPR and CRAs: Ensuring compliance (Source: Equifax)
The following steps must be taken for each application to ensure a prospective customer understands how their personal information is used and kept safe, and their rights to access, control and correct information held on file:
• Online applications - Your customers should already be referred to your fair processing notice (FPN) at the point of application to advise them what your company, as a lender or business, and a credit reference agency (CRA) will do with their data. From 25 May, CRAIN should be incorporated.
• Offline applications - You will need to provide an off-line route to access information about CRAIN, such as printed copies.
• Telephone applications - You will need to enable the consumer to access your FPN at the point of application rather than at a later date/time, by providing clear, spelled out URLs as part of the phone script, or via a paper copy.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE