Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Urgent Gdpr Action Required From Users of Credit Reference Agency Services – Equifax Comments

Published by Gbaf News

Posted on May 4, 2018

5 min read

Last updated: January 21, 2026

Add as preferred source on Google

Military operations in the Kursk region highlight Ukraine-Russia conflict - Global Banking & Finance Review — This image depicts military activity in the Kursk region amid escalating conflict between Russia and Ukraine. The image reflects the ongoing tensions as reported by Russia's defense ministry, indicating heavy strikes on Ukrainian units.

With 23 days until GDPR comes into force, Steve Martin, Data Protection Officer at Equifax, explains why businesses using Credit Reference Agency (CRA) services must engage with their suppliers:

“The new general data protection regulation will soon be upon us. For any businesses using credit reference agency (CRA) services, whether it’s credit checking or identity verification to help fight fraud, urgent steps must be taken to ensure these services can be maintained.

“Data sharing between lenders and CRAs and other authorised organisations helps consumers access appropriate products, receive relevant communications and better manage their finances. Any businesses which share credit data that haven’t yet engaged with their CRA must do so as a matter of urgency, as it’s essential that they direct customers and prospective customers to the right information on how their data will be shared with and used by CRAs.

“To maintain the public’s trust and facilitate the ongoing sharing of data, the industry must make sure privacy notices are compliant and consumer friendly. Equifax has worked closely with other CRAs to launch an industry-wide Credit Reference Agency Information Notice (CRAIN)* which provides standardised wording defining the standards that all three CRAs will apply when processing consumer data. CRAIN supports GDPR’s drive to enhance consumer rights and transparency over their data, providing clarity over the role of CRAs in the financial industry.

“Businesses sharing data with a CRA must use or signpost customers and prospects to CRAIN, to ensure they receive clear and consistent information about how their data is managed. For new customers, clear direction at the point of application is important; a link to access CRAIN at a later date is not acceptable.

“The following steps must be taken for each application to ensure a prospective customer understands how their personal information is used and kept safe, and their rights to access, control and correct information held on file:

Online applications – Your customers should already be referred to your fair processing notice (FPN) at the point of application to advise them what your company, as a lender or business, and a credit reference agency (CRA) will do with their data. From 25 May, CRAIN should be incorporated.
Offline applications – You will need to provide an off-line route to access information about CRAIN, such as printed copies.
Telephone applications – You will need to enable the consumer to access your FPN at the point of application rather than at a later date/time, by providing clear, spelled out URLs as part of the phone script, or via a paper copy.

With 23 days until GDPR comes into force, Steve Martin, Data Protection Officer at Equifax, explains why businesses using Credit Reference Agency (CRA) services must engage with their suppliers:

“The new general data protection regulation will soon be upon us. For any businesses using credit reference agency (CRA) services, whether it’s credit checking or identity verification to help fight fraud, urgent steps must be taken to ensure these services can be maintained.

“Data sharing between lenders and CRAs and other authorised organisations helps consumers access appropriate products, receive relevant communications and better manage their finances. Any businesses which share credit data that haven’t yet engaged with their CRA must do so as a matter of urgency, as it’s essential that they direct customers and prospective customers to the right information on how their data will be shared with and used by CRAs.

“To maintain the public’s trust and facilitate the ongoing sharing of data, the industry must make sure privacy notices are compliant and consumer friendly. Equifax has worked closely with other CRAs to launch an industry-wide Credit Reference Agency Information Notice (CRAIN)* which provides standardised wording defining the standards that all three CRAs will apply when processing consumer data. CRAIN supports GDPR’s drive to enhance consumer rights and transparency over their data, providing clarity over the role of CRAs in the financial industry.

“Businesses sharing data with a CRA must use or signpost customers and prospects to CRAIN, to ensure they receive clear and consistent information about how their data is managed. For new customers, clear direction at the point of application is important; a link to access CRAIN at a later date is not acceptable.

“The following steps must be taken for each application to ensure a prospective customer understands how their personal information is used and kept safe, and their rights to access, control and correct information held on file:

Online applications – Your customers should already be referred to your fair processing notice (FPN) at the point of application to advise them what your company, as a lender or business, and a credit reference agency (CRA) will do with their data. From 25 May, CRAIN should be incorporated.
Offline applications – You will need to provide an off-line route to access information about CRAIN, such as printed copies.
Telephone applications – You will need to enable the consumer to access your FPN at the point of application rather than at a later date/time, by providing clear, spelled out URLs as part of the phone script, or via a paper copy.