Data Protection

The Central Credit Register is a database that stores personal and credit information on loans of €500 or more. It is operated by the Central Bank of Ireland under the Credit Reporting Act 2013.

Information on loans is submitted by over 600 lenders to the Central Credit Register for many data fields, including outstanding balance; number of payments past due; credit status data such as whether legal action had been taken by a lender, an overdraft cancelled, or a credit card revoked; and if a re-structure of a loan has been put in place. A sample credit report and suite of factsheets is available on our publications page here.

Payment performance information should be retained on the Central Credit Register for a maximum of 5 years. On 3 August 2023, the Central Credit Register identified that information in these fields relating to May, June and July 2018 was still on the Central Credit Register database as it had not been deleted as scheduled at the end of the relevant month. The excess information was deleted on 7 August 2023. The excess information will not be included in any future copies of your credit report.

The Central Bank has taken immediate and appropriate steps to strengthen our controls in this area to avoid reocurrence.

The Central Credit Register does not produce a credit rating or score. Credit reports provided to lenders form a key, but not the sole, input to support thorough creditworthiness assessments by lenders as part of their lending decisions. Lenders may have regard to other information not collected on the Central Credit Register in making their creditworthiness assessments including but not limited to details of a borrowers assets, their income and their outgoings and expenses.

Borrowers do not need to take any action, but if you have questions about loan applications made during the period, you should contact your lender directly.

Finally, while there is nothing to indicate that the excess information was factually incorrect, we have notified the Data Protection Commission as the information was not deleted as scheduled.

Please see our press releases issued in connection with this matter here.

Yes, to the Central Statistics Office (CSO). The Statistics Act 1993 provides that the CSO may obtain information from public bodies including the Central Bank. Such transfers of information are also permitted under data protection law. A Data Protection Impact Assessment (DPIA) was performed in advance of this transfer.

The CSO is Ireland's national statistical office and its purpose is to impartially collect, analyse and make available statistics about Ireland’s people, society and economy. More information is available at www.cso.ie.

Personal data held on the Central Credit Register includes your name, date of birth, address, gender, telephone number and personal public service number (PPSN). Your PPSN, Eircode and contact telephone number is not transferred to the CSO.

Credit data held on the Central Credit Register includes the loan type, such as mortgage, credit card, overdraft, personal loan, business loan, HP, PCP etc; the amount borrowed and the amount outstanding.

The Central Bank is the data controller for the Central Credit Register and the obligations of the General Data Protection Directive and Data Protection law apply.

The CSO is the data controller for the information when it is transferred and the obligations of the General Data Protection Directive and Data Protection law apply then to the CSO.

The CSO will use the information for statistical purposes and reporting only. No details that might be related to an identifiable person may be divulged to any other government department or body.

A Memorandum of Understanding is in place between the Central Bank and the CSO regarding the governance and use of the data and is available on our Uses of CCR Data Page in the Publications area.

No. Data contained on your credit report is not affected by this transfer. Lenders have been advised that some of the data they provide to the Central Credit Register in respect of loans is now being shared with the Central Statistics Office (CSO).

The Central Bank is the data controller for the Central Credit Register and the obligations of the GDPR and general and data protection law apply.

The CSO is the data controller for the information when it is transferred and the obligations of the General Data Protection Direct and Data Protection law apply then to the CSO.

Any decision in relation to your loan applications in the future is a matter for your lender to assess based on the information available to them at the time, including your credit report and other sources such as information on your income, assets etc.

Your lender is responsible for the accuracy of the data that they send to the Central Credit Register. While it is in their possession, they are a data controller under Data Protection law. 

Once the data is received by the Central Credit Register the Central Bank of Ireland becomes the data controller.

If you believe some of your data is inaccurate, incomplete or not up date on your credit report, you have a right to request that the data be amended. Follow the instructions in our factsheet 'how to request an amendment to my information' available on our publications page or start your online application to amend your information.

If you have applied to amend your information, we will try to resolve the issue as soon as possible. If we need to contact your lender or seek further information from you, this will extend the time needed.

We will respond within 20 days, and may extend the period to 40 days before getting back to you with a decision. You must complete an application and provide information to support your request together with your identification documents before we can proceed. You can start your online application.

Yes. The Credit Reporting Act 2013 and the Regulations provide the legal basis for the collection and processing of personal information, including PPSNs. 
In addition, the Central Bank of Ireland consulted with the Office of the Data Protection Commissioner in advance of publishing the Regulations.  The Central Bank of Ireland is also listed as a specified body in Schedule 5 of the Social Welfare Consolidation Act 2005 when carrying out its functions in relation to the Central Credit Register.

Each time you or a lender accesses your credit report, a footprint is created. A footprint is a record of the date, the lender name (or CIS enquiry if it's you), and the reason why that particular lender sought your credit report.

The footprint is shown at the end of the report for a period of five years after a lender last requested access.

A footprint looks like this:

Information submitted by your lender(s) each month is used to create a credit report which is stored on the Central Credit Register. This information will be released only when a lender or the borrower to whom the information relates requests access; if the borrower to whom the information relates, consents to the release of this information to another person;
as provided by the Credit Reporting Act 2013, the Data Protection Act 2018 or as required or permitted by law or any other applicable legislation.

The Central Bank may also transfer information to state agencies and law enforcement bodies when it is considered necessary and proportionate to do so.

The Central Credit Register supports the Central Bank’s obligations and functions, including consumer protection, supervising the financial sector and ensuring financial stability. The Central Bank may use any pseudonymised information held on the Central Credit Register in the performance of any of its functions.

For more information see our data protection statement.

We need you to prove your identity to proceed with your application. This ensures that your data protection rights are upheld.

The Credit Reporting Act 2013 and the Regulations provide the legal basis for the collection and processing of personal information, including PPSNs. The Central Bank of Ireland is also listed as a specified body in Schedule 5 of the Social Welfare Consolidation Act 2005 when carrying out its functions in relation to the Central Credit Register.  The Central Bank of Ireland consulted with the Office of the Data Protection Commissioner in advance of publishing these Regulations as provided for in the Act. As with all personal information provided to the Central Credit Register when making a request this will be used to locate your credit report.