The information in the Credit Reference Agency Information Notice will be effective from October 23, 2017 - EXCEPT for the information in Sections 9 (data portability right), Section 11 and 12. These Sections provide information on new rights that will only come into effect from the 25th May 2018, which is the effective date of the General Data Protection Regulation (or the GDPR).
The document describes how the three main credit reference agencies Callcredit, Equifax and Experian, (also called “credit reference agencies” or “CRAs” in this document) each use and share personal data (also called ‘bureau data’) they receive about you and/or your business that is part of or derived from or used in credit activity.
Please note: you shouldn’t think of this document as a complete record of all the personal data each CRA may hold and process, as each has a number of different business functions running through it. To find out more about each CRA’s other businesses, services and personal data processing, go to the website links provided.
The full document can be accessed HERE - and provides answers questions such as:
1. Who are the credit reference agencies and how can I contact them?
2. What do credit reference agencies use personal data for?
3. What are the credit reference agencies’ legal grounds for handling personal data?
4. What kinds of personal data do credit reference agencies use, and where do they get it?
5. Who do credit reference agencies share personal data with?
6. Where is personal data stored and sent?
7. How long is personal data kept for?
8. What can I do if I want to see the personal data held about me?
9. What can I do if my personal data is wrong?
10. Can I object to the use of my personal data and have it deleted?
11. Can I restrict what the credit reference agencies do with my personal data?
12. Who can I complain to if I’m unhappy about the use of my personal data?
13. Where can I find out more?