GDPR ruling mandates changes for credit reference agencies, compelling them to reassess data processing practices and ensure compliance, including providing disclosures about automated decision-making involved in credit profiles. The Court of Justice of the EU deemed credit scoring as a “decision” under GDPR, requiring transparency about data use. Agencies may need to incorporate human oversight in their assessments, impacting business models significantly.
