by x0x0 3061 days ago
Nothing in the GDPR would ban Equifax. Creditors will continue to have the right (legitimate interests) to create, submit data to, and use credit reports in decision making.

GDPR would have attached more liability to Equifax (though 4% of global revenues really isn't that much), including a much shorter timeline on reporting the breach.

1 comments

https://www.eugdpr.org/key-changes.html

Apart from the fine and the notification of the breach, Equifax would have been different because of:

- Consent: "companies will no longer be able to use long illegible terms and conditions full of legalese"
- Right to Access: "Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format."
- Right to be Forgotten
- Data Portability
- Data Protection Officers

But Europe (the countries that I know about) has different requirements and rules for credit bureaus altogether. So AFAIK there is little incentive for Equifax to hold European data at all.

The majority of those rights don't apply for reasons that should be obvious if you had even a modest understanding of the GDPR (see legitimate interest basis) and other related legislation. It is distinctly not helpful to spew misinformation on HN.

So that people don't rely on your lack of understanding of the GDPR:

* consent isn't required; it's merely one basis to permit processing

* since consent isn't required, it will be an extraordinary stretch to exercise a right to be forgotten. In fact, credit reports are probably one of the canonical cases where LI override most rights of the data subject.

* data access is not new; see DPA

* Equifax does, in fact, have an EU business; it is in the UK. And has offered £2 access to credit reports since 2010-ish. I recognize 2 > 0, but it is not significantly different.