In a recent ruling, the German Federal Court of Justice clarified key aspects of data retention relevant to business information and credit risk assessment services under the GDPR.
The court confirmed that retaining data on settled payment defaults for defined periods may be lawful where it supports legitimate economic interests and reliable risk evaluation. It also highlights a key difference between data retention period for data coming from public registers and data retention period for data coming from private databases such as payment defaults. The judgment also highlights the importance of proportionality and appropriate safeguards.
The decision is of practical relevance for FEBIS members providing business information and related risk management services across Europe.
Please read the full article here.
Source: Lexology
Write a comment