How do credit reference agencies keep my data safe?

Data breaches and hacking scandals in the news constantly remind us about the importance of keeping our personal information safe. Consequently, the idea that credit reference agencies hold several years of your financial history can be unnerving. Nevertheless, credit reference agencies (CRAs) have a lot of measures in place to your data safe. To help put your mind at ease, this blog will answer the questions you may have about the way CRAs protect your data.

What data is held?

CRAs collect information from publicly available records, such as:

  • Court judgements made against you
  • Past addresses
  • Electoral roll information

They also may have data sent to them by different organisations who can provide CRAs with information on how much you owe and your repayment history. This includes:

  • Banks and building societies
  • Utility companies
  • Mobile phone operators
  • Social housing providers

What measures are in place?

The General Data Protection Regulation (GDPR)

All of your personal information held by Noddle is used strictly in accordance with GDPR and our Privacy Policy. The GDPR is the law designed to protect your personal data and it controls how your personal information is used and held by organisations, businesses, or the government.

The Information Commissioner’s Office (ICO) is the regulator that enforces the GDPR, if Noddle were to experience a data breach or use your data incorrectly, we could be fined severely by the ICO. The ICO is responsible for regulating the GDPR and the processing of personal data.

Financial Conduct Authority (FCA) regulation

Noddle is regulated by the FCA. The FCA is a regulator of financial services firms and financial markets in the UK, making sure the markets are honest and effective so that consumers get a fair deal. Being regulated by the FCA means that we have to show that our businesses are financially sound and well controlled, that our processes and operating systems are robust, that we hold customer data securely and use it legitimately and in support of fair outcomes for consumers.

Staff training

At Noddle we also have rigorous internal processes, which include regular training for our staff on the ins and outs of FCA regulation and the GDPR to make sure that your data is never exposed to anyone who shouldn’t have access to it.

How long is the data stored for?

The GDPR states that an organisation should not keep personal data for any longer than is necessary, as data ages over time it becomes less useful to lenders as a way to predict your current level of creditworthiness.

Can I stop CRAs from holding my data?

CRAs can hold and supply information under the GDPR.  Your credit report information is stored by us to enable lenders to assess your creditworthiness before approving you for a loan or another form of credit. If we didn’t hold this information when it came time for you to apply for credit you would experience a slower process because you’d need to provide the evidence yourself and then it would have to be manually validated.

If you want to see exactly what information Noddle holds on you, you can sign up for your free-for-life credit report by visiting