The Stichting Bureau Krediet Registration (BKR) is not allowed to ask for money from people who want to digitally view their personal data. And when people want access to their personal data at BKR by post, it should be possible to do so simply and at reasonable intervals. BKR raised too high thresholds for inspection.

This is not allowed under privacy law. That is why the Dutch Data Protection Authority (AP) has fined BKR 830,000 euros. The AP received complaints about the thresholds that BKR raised when people wanted to see their personal data. This prompted the AP to investigate.

Access to personal data credit registrations
Aleid Wolfsen, President of the AP:

“Access to personal data about credit registrations is very important. A negative credit registration can have consequences for getting a loan or mortgage. It is therefore important to be able to easily and quickly identify which personal data of yours is being processed and whether this is done in a good way.”

What was going on?

From May 2018, BKR requested a fee for the digital request of personal data. Also, people could only see their data once a year (by post) at no cost. This is not allowed under privacy law. Therefore, a fine of 830,000 euros has been imposed.

BKR has changed the way of working after the AP’s investigation. Since April 2019, people can view their data digitally at BKR for free. As of March 2019, BKR has also adjusted the number of times people can view their personal data by post.

What’s next?

BKR appealed to the court in this case. As a result, the AP’s decision on the fine to be imposed is not yet final.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI AP