MIL-OSI Europe: Answer to a written question – Protection of borrowers’ personal data and the need for non-performing loan management companies to comply with Directive 2021/2167 – E-002566/2024(ASW)

Source: European Parliament

Directive (EU) 2021/2167 of the European Parliament and of the Council of 24 November 2021 on credit servicers and credit purchasers[1] (‘the NPLD’), amending Directives 2008/48/EC[2] and 2014/17/EU[3], had to be transposed by 29 December 2023 by Member States. It introduces requirements protective of the borrower in the context of debt purchasing and debt servicing in the EU.

Regarding the protection of borrowers’ personal data, Article 10(1)(c) of the NPLD states that, in their relationships with borrowers, credit purchasers and credit servicers respect and protect the personal information and privacy of borrowers.

The General Data Protection Regulation (GDPR)[4] lays down the rules to ensure the protection of personal data. Without prejudice to the competences of the Commission as guardian of the Treaties, the enforcement of the GDPR in individual cases lies with the competent national authorities and courts.

In this context, Cyprus received a letter of formal notice in January 2024, and a reasoned opinion in July 2024, requiring the communication to the Commission of transposition measures of the NPLD.

The Cypriot authorities have notified in November complete transposition of the NPLD. the status of this procedure can be followed under the following website (with the following infringement procedure reference INFR(2024)0018)[5], which is currently being assessed by the Commission to ensure its completeness and conformity. These do not apply to NPL transferred prior to 30 December 2023[6].

For credit agreements transferred after this date to companies operating without a license, the NPLD requires Member States to provide national supervisory authorities with the power to act.

[1] OJ L 438, 8.12.2021, p. 1-37.
[2] OJ L 133, 22.5.2008, p. 66-92.
[3] OJ L 60, 28.2.2014, p. 34-85.
[4] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88.
[5] https://ec.europa.eu/atwork/applying-eu-law/infringements-proceedings/infringement_decisions/?lang_code=en
[6] Article 2(5)(d) of the NPLD.

Last updated: 31 January 2025

MIL OSI Europe News –

MIL-OSI Europe: Answer to a written question – Protection of borrowers’ personal data and the need for non-performing loan management companies to comply with Directive 2021/2167 – E-002566/2024(ASW)

More posts

MIL-OSI United Nations: World News in Brief: First UN mission to Syria’s Sweida, fresh displacement in Haiti, new lightning record

MIL-OSI Canada: Edmonton resident charged with drug importation

MIL-OSI USA: Schakowsky, Markey, Ruiz, Jayapal Introduce Dr. Paul Farmer Memorial Resolution Outlining 21st Century Global Health Strategy

MIL-OSI New Zealand: Minister announces SOE appointments