Fair Processing Notices and GDPR

Blog image for GDPR and Fair Processing

TransUnion (formerly Callcredit Information Group) offers organisations multiple ways to engage with their customers and prospects and helps clients grow their businesses through multi-channel campaigns.

We view the EU General Data Protection Regulation (GDPR) as the biggest regulatory change affecting data in the past 20 years. Common sense dictates that every organisation who owns, uses or stores personal data for any purpose needs to be rigorous in their preparations for the May 25 deadline.

Getting the right approach to GDPR will vary by organisation but will no doubt require both an education process and a shift in culture, especially as GDPR compliant data usage embeds itself within processes.

As Steve McNicholas, Managing Director – Credit and Marketing Data, TransUnion (formerly Callcredit Information Group), has stated; “We are in the age of the empowered consumer where we all recognise the importance and value of our own personal information.

“Credit reference agencies are an integral part of the consumer lending process and wider information ecosystem. Helping people understand how their data is used and shared and how they can challenge its accuracy is an important issue. We often take for granted how data sharing has evolved and how it now enables people to apply for tailored financial products and gain an instant decision. The mechanics of what sit behind this are of increasing interest to information hungry consumers – transparency is key.”

With this in mind you should be considering approaches such as a single customer view so you can ensure you identify all of any particular consumer’s data you hold.

Doing the right thing with Fair Processing Notices

Being transparent and providing accessible, easy-to-understand information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 and the GDPR.

The most common way to provide this information is in a privacy notice and in many situations where organisations obtain personal data as part of a simple transaction it should be straightforward to use the key recommendations in the code of practice to develop a clear and effective privacy notice.

As a business, we’ve built our reputation by horizon scanning and consistently reviewing our product suite and approaches. We’ve done this through a lens that puts the integrity of marketing data for organisations and consumers first.

In January 2016, in response to regulatory developments in the marketing data marketplace, we created a new model Fair Processing Notice (FPN) and Privacy Policy. This was adopted by existing data contributors in March 2016. We strengthened our requirements as to our Fair Processing Notices & Privacy Policies for marketing data and suspended selling data for prospecting by telephone, email and SMS until it met our new standards.

These actions created new standards of good practice and consolidated our position as a leading provider of consumer data in the UK marketplace.

Working with the industry to lead on best practice

As a leader in the data and software space we have been preparing for GDPR since it was announced over two years ago and believe we should be actively leading the discussion and helping to demonstrate what best practice looks like to the industry.

In October 2017 we worked with other credit reference agencies (CRAs) and trade and industry bodies to launch the Credit Reference Agency Information Notice (CRAIN).

CRAIN was produced in readiness for the implementation of GDPR and the notice ensures that the financial industry delivers standardised, clear and consistent information to consumers to explain how CRAs use and share personal information, the type of information they hold, where it comes from and the legalities of handling personal data.

The document addresses the requirements of GDPR to ensure credit data sharing can continue to support responsible lending, to help combat fraud and money-laundering and support the fair and proportionate collection of debt.

CRAIN is hosted on each of the three main CRAs’ websites so that lenders and other financial providers can easily direct their customers and prospective customers to the information it provides. Alongside our GDPR report and research on a single customer view they provide further examples of how we are preparing our business for regulatory change and are also providing clients and organisations useful insight and commentary on what GDPR means and approaches we think are worth considering to tackle it.

If you’re a consumer with questions or issues related to your personal credit report, drivers history report, disputes, fraud, identity theft, credit report freeze or credit monitoring services, please visit our Customer Enquiries page for assistance.

Contact Us

TransUnion would like to send you original insight, commentary and research on data, software and analytics, early notifications of exclusive events and information about our products and services. If you would like to receive that information, please let us know using the following options:

Business enquiries: If you have a non-sales related query please call us on (+44) 0113 388 4300

Please read our privacy notice , which explains who we are, how we collect and use your personal information and how you can exercise your privacy rights.

We're sorry, your request failed. Please try again in a little while.