Data Protection

Yes, to the Central Statistics Office (CSO). The Statistics Act 1993 provides that the CSO may obtain information from public bodies including the Central Bank. Such transfers of information are also permitted under data protection law. A Data Protection Impact Assessment (DPIA) was performed in advance of this transfer.

The CSO is Ireland's national statistical office and its purpose is to impartially collect, analyse and make available statistics about Ireland’s people, society and economy. More information is available at www.cso.ie.

Personal data held on the Central Credit Register includes your name, date of birth, address, gender, telephone number and personal public service number (PPSN). Your PPSN, Eircode and contact telephone number is not transferred to the CSO.

Credit data held on the Central Credit Register includes the loan type, such as mortgage, credit card, overdraft, personal loan, business loan, HP, PCP etc; the amount borrowed and the amount outstanding.

The Central Bank is the data controller for the Central Credit Register and the obligations of the General Data Protection Directive and Data Protection law apply.

The CSO is the data controller for the information when it is transferred and the obligations of the General Data Protection Directive and Data Protection law apply then to the CSO.

The CSO will use the information for statistical purposes and reporting only. No details that might be related to an identifiable person may be divulged to any other government department or body.

A Memorandum of Understanding is in place between the Central Bank and the CSO regarding the governance and use of the data and is available on our Uses of CCR Data Page in the Publications area.

No. Data contained on your credit report is not affected by this transfer. Lenders have been advised that some of the data they provide to the Central Credit Register in respect of loans is now being shared with the Central Statistics Office (CSO).

The Central Bank is the data controller for the Central Credit Register and the obligations of the GDPR and general and data protection law apply.

The CSO is the data controller for the information when it is transferred and the obligations of the General Data Protection Direct and Data Protection law apply then to the CSO.

Any decision in relation to your loan applications in the future is a matter for your lender to assess based on the information available to them at the time, including your credit report and other sources such as information on your income, assets etc.

Your lender is responsible for the accuracy of the data that they send to the Central Credit Register. While it is still in their possession, they are a data controller under the Data Protection Acts. 

Once the data is received by the Central Credit Register the Central Bank of Ireland becomes the data controller.

If you believe some of your data is inaccurate on your credit report, you have a right to request that the data be amended. Follow the instructions in our factsheet how to request an amendment to my information.

If you have asked the Central Credit Register to amend your information, we will try to resolve the issue as soon as possible. If we need to contact your lender or seek further information from you, this will extend the time needed.
We will respond with a decision not later than 40 days after you have made a valid application. In other words, you must complete an application and provide information to support your request together with your identification documents before we can process your request.

Yes. The Credit Reporting Act 2013 and the Regulations provide the legal basis for the collection and processing of PPSNs. In addition, the Central Bank of Ireland consulted with the Office of the Data Protection Commissioner in advance of publishing the Regulations.

Each time a lender accesses your credit report, they leave a footprint. A footprint is a record of the date, the lender name, and the reason why that particular lender sought your credit report.

The footprint is shown at the end of the report for a period of five years after a lender last requested access.

A footprint looks like this:

Credit Information Provider Name Enquiry Date Function Purpose
ABC Bank 12/11/2020 New Credit Application New Credit Application
DEF Bank 01/03/2020 Monitoring Enquiry Restructure
GHI Finance 10/12/2019 Monitoring Enquiry Breach of Terms
JKL Credit Union 15/05/2019 New Credit Application New Credit Application

 

No items found.