Oterion logo

Dutch DPA Fines Experian €2.7 Million for GDPR Violations in Credit Scoring

Published on October 21, 2025

The Dutch Supervisory Authority for Data Protection (AP) has imposed a €2.7 million fine on Experian Nederland B.V. for processing personal data on creditworthiness without a valid legal basis or adequate transparency. Until January 1, 2025, the firm collected details on payment behavior, debts, and bankruptcies from public and private sources to generate scores sold to telecoms, retailers, and landlords - impacting consumer access to services and terms. Triggered by complaints over unnotified checks leading to denied purchases or higher fees, the probe revealed excessive data gathering and poor risk balancing. AP Chairman Aleid Wolfsen highlighted the resulting consumer frustration. Key violations:

  • No legal basis: Unjustified processing of sensitive financial data.
  • Excessive collection: Unnecessary personal information without proven need.
  • Transparency failure: Inconsistent notifications to data subjects.
Disclaimer:Oterion provides compliance platform tools and informational resources. However, we are not a law firm or legal service provider. The content in our website, ebooks, posts, and other materials is for informational purposes only and should not be considered legal advice. For specific legal questions or concerns related to any of our content, please consult with a qualified attorney or law firm.

Stay ahead of compliance

Subscribe to our newsletter for the latest regulatory updates, compliance tips, and industry insights delivered straight to your inbox. Keep your business prepared and informed.

You can unsubscribe anytime. For more details, review our Privacy policy.