Data protection and credit information systems: defaulter files.

Is inclusion in a credit information system legal? What requirements must be met to guarantee the legality of this inclusion?

Requirements

Sometimes you may have been surprised to find that they deny you credit on the grounds that you are included in a file of debtors. You should know that these systems are legal, but as long as they comply, among others, with the following requirements: 

• that the data has been provided by the creditor or by anyone acting on their own account or interest (lawyers, collection management companies, notaries,...) That is, the origin of the data is required to be, at the very least, reliable.
• That the data refers to certain debts, due and payable. This means that the existence or amount of the debt must not have been questioned, either administratively or judicially by the debtor or through an alternative dispute resolution procedure binding between the parties. 
• That the creditor has informed to the affected person in the contract or at the time of requesting payment about the possibility of its inclusion in a credit information system. Likewise, the creditor must mention the name of the system.  
• That the entity that owns the information system inform the interested party of their inclusion in the system within thirty days of said inclusion, as well as the rights that can be exercised in relation to your data: access, rectification and deletion, limitation of processing, data portability, opposition and right not to be subject to automated individual decisions. It is important to note that these entities are co-responsible for the treatment together with creditors in relation to the processing of data of their debtors. 
• That the data is only maintained in the system as long as the non-compliance persists, with the maximum limit of five years from the expiration date of the monetary, financial or credit obligation. In this way, it is ensured that an event that may be specific does not damage the credit “reputation” of the data owner for life. 
• That the data referring to a specific debtor only can be consulted by whoever is an interested partya, this is those who maintain a contractual relationship with the debtor or those with whom the execution of a future contract that involves financing, deferred payment or periodic billing has been requested. That is, these data are not public or accessible by third parties who do not meet the aforementioned requirements.
• They will not be incorporated into information systems credit those debts in which the amount of the principal is less than fifty euros. 
• Whoever denies the conclusion of a contract, after consulting a person's data in a credit information system, must inform the affected party.  

In summary, although these systems are protected by law, the processing of data of the interested parties must be carried out with the due guarantees to avoid violating your rights.

Thus, among other obligations, the entities responsible for common files for the evaluation of equity and credit solvency or common files for the management and prevention of fraud, including those responsible for the files regulated by the legislation on the prevention of money laundering capital and the financing of terrorism, must Mandatory designation of a Data Protection Officer.

He Master in Compliance and Data Protection Management will turn you into a highly qualified professional with the necessary skills to carry out specialized tasks in data protection and compliance.