Reply to post: Re: What Exactly Was The Breach ???

UK financial regulator confirms it is probing Equifax mega-breach

Anonymous Coward

Re: What Exactly Was The Breach ???

"They are going to have to seek EXPLICIT consent for absolutely everything they store, and it ain't going to go down well."

This is a common misconception. GDPR, like the DPD before it, provides six justifications for processing personal data. Consent is just one of those justifications. CRAs typically rely on:

- Contractual necessity (e.g. your bank make it a condition of opening the account)

- Legal obligation (e.g. compliance with fiduciary duty/due diligence legislation; remember they're a regulated industry)

- Public interest (i.e. it's better for everyone if lending decisions are made on accurate information)

and failing all else, the "legitimate interests" justification, but this is problematic as it requires a full privacy impact assessment rather than just a tick in the box.

They neither need nor want your consent.


Biting the hand that feeds IT © 1998–2020