SCHUFA assesses consumers‘ financial situations without asking them and makes this data available to the economy. At the same time, the legal system has decided that consumers are responsible for monitoring this activity. SCHUFA (Schutzgemeinschaft für allgemeine Kreditsicherung) is a key player in the German financial system, playing a decisive role in assessing the creditworthiness of individuals and companies. The data collected by SCHUFA not only affects the granting of loans, but also rental agreements and other financial services. In this context, SCHUFA is caught between protecting consumer rights and the need to minimise risk for financial institutions. SCHUFA has considerable power in the German financial system and significantly affects the lives of many consumers. In other words: ‘Schufa has more power than your mother-in-law.’
Historical background
SCHUFA was founded in 1927 to protect creditors from payment defaults. At a time when industrialisation and lending were on the rise, a reliable mechanism for assessing creditworthiness was essential. SCHUFA initially served as a protective organisation that collected data on solvency and provided creditors with a solid basis for decision-making.
Over the years, SCHUFA expanded its activities and began to collect more comprehensive data sets on individuals and companies. Digitisation in 2000 enabled the automation of processes, which brought both benefits and new challenges. Reliance on automated decision-making can potentially lead to unfairness.
Legal framework and regulations – General Data Protection Regulation (GDPR)
The introduction of the General Data Protection Regulation (GDPR) in May 2018 fundamentally changed the legal framework for data processing in Europe. The GDPR sets strict requirements for the processing of personal data and significantly strengthens consumer rights. The main principles include:
Data belongs to consumers in the first place. Their data may only be collected for legitimate purposes and processed to the extent necessary.
Rights of data subjects: Consumers have the right to access their data, correct inaccurate entries and delete data, as well as compensation for damages.
A key aspect is the right to compensation under Article 82 of the GDPR. This entitles data subjects to compensation in the event of unlawful data processing. Legal decisions have shown that the transfer of positive data without a sufficient legal basis may violate the GDPR. For example, on 25 April 2023, the Munich I Regional Court ruled that the disclosure of such data constitutes a disproportionate interference with the right to data protection. The Federal Court of Justice ruled in 2024 that a claim for compensation always exists if the entry is unlawful.
National data protection regulations
In addition to the GDPR, SCHUFA is subject to specific German data protection regulations that supplement European standards. These regulations govern, among other things, the processing of data for credit checks. Consumers can lodge complaints with supervisory authorities or take legal action in the event of a data breach.
SCHUFA’s functionality
Data collection and processing
SCHUFA collects data from various sources:
– Banks and credit institutions
– Mobile phone providers
– Mail order companies
– Debt collection agencies
Every interaction a consumer has with these institutions may result in information being passed on to SCHUFA. This data is summarised in a so-called SCHUFA score, which reflects the likelihood that a person will meet their financial obligations.
Effects of the SCHUFA score
The SCHUFA score has far-reaching effects on:
Positive results: A high score indicates reliability and facilitates access to credit and other services.
Negative results: A low score may limit access to financial services and result in higher interest rates. Factors such as non-payment or high levels of debt have a negative impact.
Transparency and consumer rights
Consumers have the right to request free information about their data stored by SCHUFA once a year. This information allows them to identify errors and correct them if necessary.
Criticism and controversy
The information provided offers a comprehensive overview of the legal basis and requirements for claims for damages against SCHUFA, particularly in the context of data transfer.
Statistical data on data accuracy and impact on consumers
1. Error rate in SCHUFA data
According to a survey conducted by the Federation of German Consumer Organisations (vzbv) in 2021, approximately 30% of respondents stated that they had already experienced problems with incorrect entries in SCHUFA. This shows that a significant number of consumers are affected by inaccuracies in data relating to their creditworthiness.
2. Impact on the granting of credit
A study conducted by the Institute for Financial Services (iff) found that 20% of borrowers were denied a loan due to a negative SCHUFA score. This figure illustrates how strongly SCHUFA decisions can affect consumers‘ financial lives.
3. Consumer perception
In a survey conducted by the market research institute YouGov, 45% of respondents said they felt uncertain about the accuracy of their SCHUFA data. This uncertainty can lead to a feeling of powerlessness and affect trust in the system.
4. Legal action
According to a survey conducted by the German Bar Association (DAV), around 10% of consumers who had a negative SCHUFA entry took legal action in connection with incorrect data in 2022. This shows that many affected individuals are willing to actively pursue their rights, even though this often involves significant obstacles.
5. Claims for compensation
An analysis of the number of lawsuits shows that in 2023, approximately 15% of lawsuits against credit agencies such as SCHUFA concerned claims for compensation due to incorrect data.
Statistical data illustrate the far-reaching impact of incorrect or inaccurate SCHUFA data on consumers. The high error rate and the associated adverse financial conditions mean that many people are taking legal action to enforce their claims. At the same time, studies show that there is considerable mistrust regarding the accuracy of the data stored.
Data protection concerns
The extensive collection of data has raised concerns about data protection. Critics fear that SCHUFA is creating detailed profiles that go beyond the actual purpose of assessing creditworthiness.
Automated decision-making
The use of automated systems to calculate scores raises questions about fairness and transparency. The GDPR stipulates that data subjects must have the right to have such decisions reviewed manually. In this regard, the ECJ has strengthened consumer rights.
Court rulings on SCHUFA
There are several important rulings on the legal framework for claims for damages against SCHUFA. Here are a few examples.
Munich Regional Court I: On 25 April 2023, the court ruled that the disclosure of positive data by mobile phone operators to SCHUFA violates the GDPR if there is no sufficient legal basis.
Frankfurt Regional Court: In its ruling of 19 March 2024, the court found that there is a claim for damages against SCHUFA if positive data was transferred without a sufficient legal basis.
Tips for consumers
If you believe that a SCHUFA entry is unlawful, there are several legal steps you can take to enforce your rights. Here are the most important steps and tips that can help you clarify the situation and, if necessary, assert claims for damages.
1. Checking SCHUFA data
1.1 Request for disclosure of data
First, you should request a free disclosure of your data from SCHUFA. This is possible once a year free of charge and allows you to view all stored data. You should check the entries for accuracy and completeness.
1.2 Identify incorrect entries
Pay particular attention to entries that may be out of date or incorrect, such as incorrect personal data or contracts that no longer exist. These can have a negative impact on your creditworthiness.
2. Contact SCHUFA
2.1 Objection to an entry
If you discover an incorrect entry, you should immediately submit a written objection to SCHUFA. You should enclose all relevant documents supporting your point of view (e.g. contracts, proof of payment). SCHUFA is obliged to review your objection and respond within a reasonable period of time.
2.2 Setting a deadline
Set a deadline for SCHUFA to clarify the matter (e.g. two to four weeks). Keep all correspondence well documented.
3. Complaint to supervisory authorities
If SCHUFA does not respond to your objection or does not delete the entry, you can lodge a complaint with the competent data protection supervisory authority. This authority can investigate whether a data protection violation has occurred and take appropriate measures.
4. Take legal action
If all other steps prove ineffective, you can take legal action:
Action for annulment: You can apply to the court to have SCHUFA remove the incorrect entry.
Claim for compensation: According to Article 82 of the GDPR, you are entitled to compensation for non-material damage (e.g. stress or stigmatisation) and material damage (e.g. higher interest rates due to a poor credit rating) under certain conditions. However, you must provide concrete evidence of the damage incurred. In addition, the Federal Court of Justice ruled at the end of 2024 that basic compensation is available even without proof of damage.
5 Tips for enforcing your claims
5.1 Documentation: Keep a record of all relevant documents and correspondence to support your claims. Do not rely on telephone conversations with institutions such as hotlines. If possible, write letters.
5.2 Legal advice: Seek legal advice to ensure that all necessary steps are taken correctly.
5.3 Compliance with deadlines: Make sure you meet all deadlines, especially when filing complaints or lawsuits.
5.4 Seeking publicity: In some cases, it may be helpful to draw public attention to your concerns (e.g. through media reports) in order to put pressure on SCHUFA.
Challenging an unlawful SCHUFA entry requires careful preparation and knowledge of the legal framework. Actively pursuing your rights and, if necessary, taking legal action may enable you to have an unjustified credit rating removed and, if necessary, claim damages. It is advisable to seek the assistance of a lawyer in complex cases to ensure the best chances of success.
6. Requirements for compensation – example case constellation
A consumer named Holger Meier from Munich entered into a mobile phone contract that also provided for the transfer of his positive data to SCHUFA. After paying his bills on time, he learned that this information was being stored by SCHUFA. He considered this to be an unjustified violation of his privacy and filed a lawsuit for compensation.
The district court then examined the legal basis for the transfer of his data. SCHUFA argued that it had a legitimate interest under Article 6(1)(f) GDPR to prevent fraud; Meier, however, pointed out that the loss of control over his data had caused him non-material damage. The court ruled partly in his favour; however, it found that he was only entitled to a small amount of compensation because he had not suffered any apparent economic damage.
In order to claim compensation from SCHUFA, several legal requirements must be met. These are based on the provisions of the General Data Protection Regulation (GDPR) and are characterised by the case law of German courts and the European Court of Justice (ECJ). Here are the key points to consider:
6.1 Active and passive legal standing
Active legal standing
Active legal standing lies with the data subject whose rights have been infringed as a result of the data processing. This means that only the person whose data has been infringed can claim compensation.
Passive legal standing
Passive legitimacy lies with SCHUFA or the contractual partner who transferred the data. These parties are responsible for the data breach and can therefore be held liable.
6.2 Breach of the GDPR
The decisive factor for a claim for compensation is the existence of a breach of the GDPR. This may be the case if, among other things
Positive data has been transferred without a legal basis.
The transfer of personal data is not justified by consent or a legitimate interest.
The courts have ruled that the general transfer of positive data without a specific reason constitutes a data protection violation (e.g. the judgment of the Munich Regional Court I of 25 April 2023).
According to the GDPR, the transfer of personal data always requires a legal basis in accordance with Article 6 of the GDPR. Possible justifications are
– Consent of the data subject
– Necessity for the performance of a contract
– Legitimate interest of the data controller
The justification of ‘legitimate interest’ is often controversial and requires a balancing of the interests of the data controller and the fundamental rights of the data subject.
6.3 Compensation
A claim for compensation does not require proof of any specific damage. In addition to the basic amount of compensation, it may be increased on the basis of specific damages. These may be both material and non-material:
Material damage: This may primarily be financial loss that can be directly attributed to an incorrect entry.
Non-material damage: This is immaterial damage such as stress, stigmatisation or a reduction in the standard of living. The ECJ has clarified that the mere loss of control over one’s own data is not sufficient; concrete evidence of a harmful effect must be provided.
In contrast, the Federal Court of Justice ruled in proceedings concerning a data leak from Facebook that the loss of control over one’s own data constitutes non-material damage (judgment of 18 November 2024, ref. no. VI ZR 10/24).
6.4 Causal link and fault
Causality
The damage must be causally linked to the data breach. This means that the user must prove that the error made by SCHUFA directly led to the damage suffered.
Fault
The data processor (in this case SCHUFA or a contractual partner that transfers data) must have acted culpably. This may, for example, be due to negligence or deliberate disregard of data protection regulations.
6.5 Burden of proof
The burden of proof for damage generally lies with the data subject. You must demonstrate that the data breach caused specific damage and not just general dissatisfaction or annoyance.
6.6 Complexity and requirements for filing claims
In summary, it can be said that asserting claims for damages against SCHUFA is complex and several requirements must be met:
- Active and passive legal standing
- Proof of a breach of the GDPR
- Specific material or non-material damage
- Causal link between the breach and the damage
- Culpable conduct of the data controller
- Clarification of the legal basis for the transfer of data
In case of uncertainty, it is recommended to seek legal advice in order to effectively pursue claims and take all necessary steps correctly.
Interview with Dr Schulte on Stern TV about Schufa
7. Cancellation of negative Schufa entries – deadlines and options
7.1 Types of SCHUFA entries
SCHUFA stores both positive and negative information about consumers.
Negative entries result from
- unpaid bills: Overdue debts that have not been paid for a long period of time.
- Loan cancellations: Loans that have been cancelled by the bank due to late payments.
- Enforceable claims: When a claim has been settled by the courts. A court dunning procedure is sufficient.
- Entries in the central debtors‘ register: Among other things, failure to submit a declaration of assets. Also known as a “substitute declaration of oath”, which is submitted as part of enforcement proceedings.
- A large number of credit inquiries: A large number of credit inquiries appear to have a negative impact on the credit score.
The catalogue in Section 31 II BDSG can be used as a guide here.
7.2 Statutory data deletion periods
Personal data used for credit assessment may be stored for as long as necessary for the purposes for which it is stored. Data from credit agencies is stored for the purpose of assessing the creditworthiness of the data subjects. Therefore, they must be deleted at the latest when they no longer have any reliable significance for creditworthiness. This follows from Article 5(1)(e) of the GDPR. At this point, the controller, in this case SCHUFA, is obliged to delete the data in accordance with Article 17(1)(a) of the GDPR. There are no clear legal provisions governing the retention period for data used for creditworthiness assessments.
The situation is different for entries that have been cancelled or transferred from the debt register. The time limits vary depending on the type of entry:
Settled debts: Once the debt has been settled in full, the entry generally remains in place for three years. Deletion takes place exactly three years after settlement. This is based on the rules of procedure for review and storage periods for personal data by German credit agencies.
Discharge ofdebt remainingafter insolvency: From April 2023, discharge of remaining debt will only be stored at SCHUFA for six months.
Other data from debtor directories: These are stored for as long as they are stored in the debtor register.
7.3 Early cancellation of entries
Under certain circumstances, negative entries may be cancelled prematurely. These include
Unauthorised entries
If an entry proves to be incorrect or unauthorised, there is a right to have it deleted immediately. Consumers should:
- Contact the creditor and provide evidence of the error.
- Inform SCHUFA of the facts and request deletion.
Settled minor claims
Minor claims up to £2,000 that have been paid in full within six weeks can be cancelled early. This is subject to there being no other negative entries.
Goodwill arrangements
In some cases, creditors may remove entries as a gesture of goodwill, for example if
- The debt was settled within 100 days.
- At least 18 months have passed since the debt was settled and there are no other negative entries.
In this case, the creditor must actively initiate the deletion.
7.4 Legal support
In complex cases, e.g. disputes regarding the legality of an entry, the support of a specialised lawyer may be helpful. A lawyer can
- Enforce claims for cancellation.
- Contact creditors or SCHUFA for correction or compensation.
7.5 Case studies and examples
A consumer discovered that an incorrect entry had been stored in SCHUFA for almost two years despite a request for cancellation. The court awarded compensation to the person concerned and emphasised the importance of a quick removal procedure.
8. Cancellation of an entry in Schufa due to a ‘special situation’ in accordance with Article 21 of the GDPR in Schufa
Article 21 of the General Data Protection Regulation (GDPR) grants every data subject the right to object to the processing of their personal data on grounds relating to their particular situation. In the context of Schufa, this means that under certain circumstances, you can object to the processing of your data by Schufa.
8.1 What is a ‘special situation’?
A ‘special situation’ is an individual life situation characterised by special circumstances and resulting in the processing of your data causing particular inconvenience to you. This inconvenience must be explained in detail and reliably justified.
Examples of possible special situations:
Discrimination: if you fear that the processing of your data will put you at a disadvantage, for example when looking for accommodation or a job.
Identity theft: If you have been the victim of identity theft, this may constitute a special situation.
Surveillance: If you feel that you are being excessively monitored by data processing, this may also constitute a special situation.
Religious or political beliefs: If data processing is contrary to your deeply held beliefs, this may be considered a special situation.
Health considerations: If the processing of your health data leads to discrimination or threatens your health, this constitutes a special situation.
8.2 How can I explain my special situation?
Be specific and detailed: Describe the specific impact of the data processing on your life situation.
Credible justification: Explain why your situation should be considered special and what interests have been infringed.
Evidence: If possible, provide evidence to support your claims (e.g. medical certificates, police reports).
8.3 Important notes
Individual assessment: Whether a situation is considered ‘special’ is assessed individually for each case.
Balancing: Schufa must weigh your interests against its own interests.
Legal advice: If in doubt, seek legal advice.
9 Effects of cancellation
The cancellation of negative entries has a positive effect on
Creditworthiness: Consumers receive better loan and contract terms.
Financial flexibility: Greater chances of obtaining rental agreements or credit cards.
Reputation: A clean SCHUFA report signals reliability.
Summary: Removing negative SCHUFA entries – how to protect your rights and improve your financial future
Removing negative entries from SCHUFA requires in-depth knowledge of the legal basis and a structured approach. Consumers should regularly check their SCHUFA data and act early to avoid errors or correct them. In complex cases, legal support can help restore creditworthiness and prevent adverse financial situations.
If you are struggling with a negative SCHUFA entry, seek legal assistance to protect your rights. Our law firm specialises in data protection law and SCHUFA disputes. Find out more about how we can help you:
•Help with removing incorrect entries in SCHUFA
•Your rights under the GDPR – Comprehensive legal support
•Contact our law firm – Take advantage of free legal advice
Trust the experience of our team and take care of your financial credibility!
However, consumers are not defenceless: they have the right to view, correct and delete incorrect data. Through systematic review, timely objection and, if necessary, legal support, unjustified entries can be effectively challenged. The legal framework, in particular the General Data Protection Regulation, provides consumers with powerful tools to enforce their rights and protect their creditworthiness. Those who actively manage their SCHUFA data minimise risks and lay the foundation for a stable financial future.
– Removal of unauthorised SCHUFA entries – rights and options
– How the ECJ ruling helps consumers: SCHUFA scoring under fire
– Interview with Dr Schulte: SCHUFA and consumer protection
The recent ECJ ruling also strengthens the position of consumers by subjecting Schufa’s automated scoring to stricter controls. For more information on legal action and compensation claims, please visit the website of Dr Thomas Schulte.
You can also read how consumers can effectively enforce their rights: Schufa scoring and the GDPR.