Blog: What will the new EU Data Protection Regulation mean for the Euro-consumer when it comes to debt collection?
Leigh Berkley is President of the Credit Services Association (CSA) and Director of External Affairs & Development at Arrow Global.
The final version of new General Data Protection Regulation (GDPR) is due to be published by the European Parliament this summer. The Credit Services Association (CSA) is working with our Members to ensure that they are ready for the changes that will come into force mid-2018, and are aware of the impact on the customers they deal with. The purpose of the new regulation is to give consumers more control over their data, but as we have highlighted through work done over the past few years, there may be unintended consequences for consumers. We are therefore working with various stakeholders on refining the details of the regulation before it is finalised.
The UK is particularly vulnerable to the changes originally proposed because:
the UK consumer and small business finance market is a large part of the UK economy;
data sharing in the UK is much more extensive than in other European countries;
most UK data sharing occurs via regulated private enterprise and not via state databases; and
consumer access to credit in the UK is heavily dependent on this information infrastructure.
Because it is such a complex issue, the new regulation will inevitably bring with it lots of conflicting information for consumers about their data rights online. We believe it is the industry’s responsibility to educate the consumer on what it all means.
Back in January 2014, we illustrated the potential implications of this new legislation in two stories about a fictional character called Alex who was 30 years of age. Under the current UK Data Protection Act, Alex and his partner Manjit (both of whom have gender neutral names) are protected from getting into serious financial difficulty when they face hurdles at different stages in their lives with getting loans, mortgages and other types of credit. The Act stops them from being able to do some things but, in the end, saves them a lot of money and puts them in a stronger financial position in the long term. However, under the new GDPR as it was originally drafted, Alex does not settle original debts to improve his credit score before applying for other types of credit. Because his credit history is not available to lenders, he is granted further credit which leaves him in a much worse situation, and by the end of the story is facing years of financial difficulty.
Understanding the full picture
Data protection legislation provides important protections for consumers and small businesses to prevent the unwarranted collection, processing and abuse of personal data. However, there are times when personal data needs to be available in order to provide important protections for consumers and small businesses. This is particularly true when providing and managing financial services, where access to data is key to making responsible decisions about whether to borrow and lend, and also how to manage existing borrowing and lending.
Consumers in financial difficulty may be facing a range of complex issues and it is in a debt collection agency’s (DCA’s) interest to understand the bigger picture of what is going on so that they can offer an appropriate repayment plan along with the most appropriate help and advice. Although our lobbying has contributed to some positive changes to the GDPR, some elements of the proposed new regulation may still hamper this process.
Consent-based data processing
The biggest overall change for consumers is that the processing of personal information will be more consent-based and this is a good thing for individuals as it gives people more control. When it comes to debt collection and allied services such as tracing customers, the industry has had a challenging time because of a lack of reliable data available. It is important that we educate the public on the role of debt collection and why open communication with a DCA is important. We all need to work more effectively together to ensure that data is shared and used responsibly for mutual benefit. What we don’t want to happen is for the debt collection process to become any more complex for customers. We need to communicate effectively about the benefits of sharing data so that customers can make informed choices about how much of their data is shared and for what purpose. We fully support the notion that consumers should get more information about how their data is used, which ensures everything is as transparent as possible.
Protecting debt collection customers’ data
In preparation for the new regulation, we are recommending that our Member companies appoint a Data Protection Officer to oversee and manage all data issues. We are also helping them to undertake privacy impact assessments, put crisis handbooks in place, consider the encryption of all customer data, and assess others they work with and share data with, to minimise any data breaches, as well as ensuring complete consumer transparency.