The German Association of Credit Bureaus, that brings together several members of ACCIS, including Schufa, CRIF Bürgel, Creditreform Boniversum and Infoscore Consumer Data, has adopted a code of conduct on data retention.
Article 17 of the GDPR states that ‘the controller shall have the obligation to erase personal data without undue delay where (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed’.
The previous Federal Data Protection Act provided detailed guidance for different situations. The objective of the code of conduct, that has been prepared under the provisions in Article 40 of the GDPR, is to bring back that certainty, modelling the industry guidance on the previous legal text.
The code has been the subject of intense and constructive dialogue between the Association and the different German data protection authorities, with the latter granting formal approval to the code on 25 May.
Source: ACCIS Annual Meeting Stockholm