Data Protection for debt collection agencies

Complying with data protection law is crucial for debt collection agencies. Data protection law applies to your debt collection agency’s every use of personal data, including when your customers disclose sensitive information about a defaulter or where your own employees gather sensitive information. Data protection law steps in and requires your debt collection agency to take the necessary actions to ensure the protection of that personal data. To comply with these obligations, you need to become aware and learn how to kickstart your debt collection agency’s compliance effectively.

The key purpose of data protection law is to empower and protect people. Your debt collection agency also empowers its customers when you assist them in obtaining the repayment of the debt.

Once your debt collection agency also protects its people’s personal data, it will be further aligned with data protection law and compliance will not be a problem.

You process personal data for your debt collection agency when you:

• collect a sole trader’s name and address from a customer;
• do background checks on debtors (including credit and criminal checks);
• create a database of debtors;
• employ and pay your debt collection agency’s employees;
• control physical access to your debt collection agency’s office (including using access cards and biometric information to grant access); or
• monitor and store CCTV footage for security purposes.

What laws apply to your processing?

Different data protection laws will apply to your debt collection agency depending on where the data subjects are from, where they may be at the time you process their personal data, or where your debt collection agency is based. If you are based in South Africa, you need to comply with the Protection of Personal Information Act (POPIA). But if you also process the personal data of data subjects in the European Union (EU), you may also need to comply with the General Data Protection Regulation (GDPR). You will need to work this question out at the start of your compliance journey.

We understand that you may feel overwhelmed at this stage. Rest assured, you are not the only one asking questions about your debt collection agency’s data protection compliance. Many people in your position have been coming to us, asking:

• Must I comply with the GDPR?
• What is POPIA?
• How do I determine what information we can obtain about debtors?
• What assistance does Michalsons provide to debt collection agencies?
• What else should I be thinking about?

Will joining our programme help your debt collection agency comply?

Yes. That’s the short answer. We understand that you may be working with limited resources and budgets. We want to help you in the most efficient and cost-effective way.  Our data protection for debt collection agencies lens will help you. This lens combined with our practical core programme takes you through the key actions debt collection agencies must take to comply.

Types of organisations

This lens is for organisations that:

• Recovers debt on behalf of customers
• Buy debt from creditors

Types of people

Our data protection for debt collection agencies lens is worth joining for someone who:

• Is involved in advising or helping debt collection agencies;
• Helps run a debt collection agency;
• Is the Compliance Officer, Data Protection Officer, or Information Officer of a debt collection agency.

You’ll achieve the following results as a consequence of participating in our data protection for debt collection agencies lens:

• Raise your awareness by knowing about the data protection laws that apply to your debt collection agency.
• Collect debt from people lawfully by knowing what compliance steps to take and taking them.
• Protect the personal data quickly by finding out what data protection quick wins you can score.
• Reduce your overall costs of compliance by doing it yourself with our assistance.
• Control access to your debt collection agency offices by finding what data protection law requires for access control.
• Keep your debt collection agency offices secure while processing personal data lawfully by learning about CCTV cameras and data protection.

The lens contextualises our core data protection programme into a comprehensive and manageable size for debt collection agencies. We help you achieve specific outcomes by providing written guidance in the lens for you to work through. We provide you with links to useful resources, actions for you to take, and an introductory video for you to watch. To help you achieve the outcomes we also provide tools like templates, checklists and frameworks to fast-track your compliance efforts.

You can watch the introductory video by clicking ‘Watch Intro’ at the top of the page.

• Empower yourself with tools to help you with your compliance efforts by working through the tools section of our programme.

• We believe in using the law as a tool to prevent harm from coming to people.
• We have significant practical experience dealing with data protection law.
• We cover only those areas of data protection law that are most relevant to you, saving you time and money.
• We provide insight and simplify the issues, empowering you to work through the obligations yourself.

Once you have joined the data protection for researchers programme, you can decide when it would be best for you to start working through it and how long you are going to take. You can work through it at your own pace.