Elektro & Automasjon Systemer AS fined
The Norwegian Data Protection Authority has fined Elektro & Automasjon Systemer AS NOK 200,000 for performing a credit rating on a private individual without any legal basis.
The Norwegian Data Protection Authority has fined Elektro & Automasjon Systemer AS NOK 200,000 for performing a credit rating on a private individual without any legal basis.
Elektro & Automasjon Systemer AS (EAS) performed a credit rating on a part-owner in another company without any collaboration, customer relationship or other connection to EAS as a basis for the credit rating.
A credit rating is the result of a compilation of personal data from many different sources and shows the likelihood of a person being able to pay an outstanding claim. A credit rating will also reveal details about the person’s financial status, such as any overdue payments/defaults on loans, mortgages and debt-to-income ratio.
The General Data Protection Regulation requires all processing of personal data to have a legal basis.
EAS has emphasized that the credit rating was accidental, and the company agrees that it had no relation to complainant that would justify the credit rating in this case.
Credit ratings feel invasive for the party being rated. They involve types of personal data that some people have a special interest in protecting.
It is important that enterprises that use credit ratings as a tool in their operations, familiarize themselves with how this tool works and establish good procedures for when and how to use it, to prevent performing credit ratings on private individuals in conflict with regulations.
Initially, the Data Protection Authority gave notice of a NOK 250,000 fee, but the Authority has imposed a final fee of NOK 200,000. EAS is also ordered to establish procedures for performing credit ratings, to prevent further unlawful credit ratings in the future.