A licence from the Swedish Data Protection Authority is normally required to operate credit reference activities. We decide on licences to operate credit reference activities only if the activities can be assumed to be carried on in a knowledgeable and judicious manner. Our evaluation is based on the type and scope of the planned activities.
The knowledge requirement refers to experience of credit reference activities and knowledge of current legislation. The Swedish Data Protection Authority has in its praxis found that a person who is to operate credit reference activities should have a law education at university level or economics education at university level and experience of credit reference activities in order for the activities to be assumed to be able to be carried on in a knowledgeable manner.
There are no special application forms but anyone whishing to apply for a licence to operate credit reference activities is to provide a description of the intended activities. The application is also to contain details of
- the applicant's name, personal identity number or corporate registration number, postal address and phone number and the business's visiting address,
- from where and how the information that is to form the basis of credit references is to be collected,
- to whom and how credit references are to be provided,
- how registers are to be stored and what principles are to be observed for erasure of information from the registers,
- how a data subject is to be given access to the information stored relating to him or her,
- how the person to whom the credit reference refers is to be notified of the contents of that credit reference, and
- how and when rectification, additions to or erasure of misleading information are to be made.
A person wishing to operate credit reference activities can contact the Swedish Data Protection Authority on +46 (0)8 657 61 00.
If the information in other languages are different from the Swedish version, it is the Swedish version that applies.