SCCCU Compliance Forum
This forum is designed to provide our members with easy to understand information on current and relevant topics.
This month we are covering the areas of The Central Credit Register and The General Data Protection Regulation and the impact it will have on you.
The Central Credit Register
Q: What is the Central Credit Register?
A: The Central Credit Register is a new secure system for collecting personal and credit information on loans of €500 or more.
Q: When does the Central Credit Register become effective?
A: From 30th June 2017 information from lenders shall be submitted to the Central Credit Register.
Q: Can I stop my Personal and Credit Information from being submitted to the Central Credit Register?
A: No, this is a mandatory database and your consent is not required. However, Financial Institutions are required to inform each customer/member of the Central Credit Register.
Q: Who is responsible for the Central Credit Register?
A: The Central Bank of Ireland is responsible for operating this register.
For more information, visit our website on www.claremorriscu.ie
The General Data Protection Regulations (GDPR)
Q: What is GDPR?
A: GDPR shall replace the existing Data Protection Laws in the European Union. Its aim is to give greater control to individuals over their personal data by setting out additional and more clearly defined rights for individuals why personal data is collected and processed by organisations and businesses.
Q: When does it become effective?
A: 25th May 2018
Q: What is Personal Data?
A: Personal Data is any data that can identify an individual person. E.g. name, an ID number, location data (mobile phone), address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identify of a person.
Q: What are the significant changes between the current Data Protection Laws and the impending GDPR?
A: Individuals shall have increased rights in respect to:
- Obtain details about how their data is processed by an organisation or business
- Obtain copies of personal data that an organisation holds on them
- Have incorrect or incomplete data corrected
- Have their data erased where there is no legitimate reason for retaining the data
- Obtain their data from an organisation and to have that data transmitted to another organisation
- Object to the processing of their data by an organisation in certain circumstances
- Not to be subject to (with some exceptions) automated decision making, including profiling.
Organisations and businesses collecting and processing personal data will be required to meet a very high standard in how they collect, use and protect data. Very importantly, organisations must always be fully transparent to individuals about how they are using and safeguarding personal data, including by providing this information in easily accessible, concise, easy to understand and clear language.
Q: What happens if an organisation or business breaches the law?
A: For organisations and businesses who breach the law, the Data Protection Commissioner is being given more robust powers to impose very substantial sanctions including the power to impose fines. Under the new law, the DPC will be able to fine organisations up to €20 million (or 4% of total global turnover) for the most serious infringements.
The GDPR will also permit individuals to seek compensation through the courts for breaches of their data privacy rights, including in circumstances where no material damage or financial loss has been suffered.