Schufa help – what to do in the event of a negative entry,
SCHUFA assesses the financial standing of consumers without being asked and makes this data available to the business community. At the same time, the legal system has decided that it is the consumer’s responsibility to control this activity. SCHUFA (Schutzgemeinschaft für allgemeine Kreditsicherung) is a central player in the German financial system that plays a crucial role in assessing the creditworthiness of private individuals and companies. The data collected by SCHUFA influences not only the granting of credit, but also rental contracts and other financial services. In this context, SCHUFA is caught between the conflicting priorities of protecting consumer rights and the need to minimise risks for financial institutions. SCHUFA has significant power in the German financial system and significantly impacts the lives of many consumers. In other words, ‘SCHUFA has more power than the mother-in-law.’
Historical Background
SCHUFA was founded in 1927 to protect creditors from payment defaults. At a time when industrialisation and lending were on the rise, a reliable credit rating mechanism was essential. SCHUFA initially served as a protective association, collecting data on solvency and providing creditors with a sound basis for decision-making.
Over the years, SCHUFA expanded its activities and began collecting more comprehensive data sets on individuals and companies. Digitalisation in the 2000s enabled the automation of processes, bringing both advantages and new challenges. Reliance on automated decision-making can potentially lead to injustices.
Legal framework and regulation – General Data Protection Regulation (GDPR)
The introduction of the General Data Protection Regulation (GDPR) in May 2018 has fundamentally changed the legal framework for data processing in Europe. The GDPR sets strict requirements for the handling of personal data and significantly strengthens consumer rights. The central principles include:
Data belongs to consumers in the first instance. Their data may only be collected for legitimate purposes and only processed to the extent necessary.
Rights of data subjects: Consumers have the right to access their data, correct inaccurate entries and delete data, as well as to claim compensation.
A key aspect is the right to compensation under Art. 82 of the GDPR. This entitles data subjects to claim compensation in the event of unlawful data processing. Legal decisions have shown that the transmission of positive data without a sufficient legal basis may violate the GDPR. On 25 April 2023, for example, the Munich I Regional Court ruled that the disclosure of such data constitutes a disproportionate infringement of the right to data protection. In 2024, the Federal Court of Justice ruled that a claim for damages always exists if an entry is unlawful.
National data protection laws
In addition to the GDPR, SCHUFA is subject to specific German data protection laws that supplement European norms. These laws regulate, among other things, the processing of data for credit checks. Consumers can file complaints with regulatory authorities or take legal action in the event of data protection violations.
Functionality of SCHUFA
Data collection and processing
SCHUFA collects data from various sources:
Banks and credit institutions
Mobile phone providers
Mail order companies
– Collection agencies
Any interaction a consumer has with these institutions can result in the transmission of information to SCHUFA. This data is summarised in a so-called SCHUFA score, which reflects the probability that a person will meet their financial obligations.
Impact of the SCHUFA score
The SCHUFA score has far-reaching effects on:
Positive scores: A high score indicates reliability and facilitates access to credit and other services.
Negative scores: A low score can restrict access to financial services and result in higher interest rates. Factors such as payment defaults or high levels of debt have a negative impact.
Transparency and consumer rights
Consumers have the right to request information about their data stored by SCHUFA once a year free of charge. This information enables them to identify errors and have them corrected if necessary.
Criticism and controversy
The information provided offers a comprehensive overview of the legal basis and requirements for claims for damages against SCHUFA, particularly in the context of data transfer.
Statistical data on data accuracy and the impact on consumers
1. Error rate in SCHUFA data
According to a study by the Federation of German Consumer Organisations (vzbv) from 2021, about 30 percent of respondents said that they had already had problems with incorrect entries at SCHUFA. This shows that a significant number of consumers are affected by inaccuracies in their credit data.
2. Impact on credit access
A survey by the Institute for Financial Services (iff) found that 20 per cent of borrowers have been unable to obtain credit due to a negative SCHUFA score. This figure illustrates how much SCHUFA’s decisions can influence consumers‘ financial lives.
3. Perception of consumers
In a survey conducted by the market research institute YouGov, 45 per cent of respondents stated that they feel unsure whether their data at SCHUFA is correct. This uncertainty can lead to a feeling of powerlessness and affect trust in the system.
4. Legal action
According to a survey conducted by the German Bar Association (Deutscher Anwaltverein, DAV), in 2022 about 10 per cent of consumers who had a negative entry in the SCHUFA credit report took legal action to challenge inaccurate data. This shows that many of those affected are willing to actively demand their rights, although this is often associated with high hurdles.
5. Claims for damages
An analysis of the number of lawsuits shows that in 2023, about 15 percent of lawsuits against credit bureaus like SCHUFA were aimed at claiming damages for inaccurate data.
The statistical data illustrates the far-reaching effects of incorrect or inaccurate SCHUFA data on consumers. The high error rate and the associated financial disadvantages lead many people to take legal action to enforce their claims. At the same time, surveys show that there is considerable mistrust regarding the accuracy of the stored data.
Data protection concerns
The extensive data collection has raised concerns about data protection. Critics fear that SCHUFA creates detailed profiles that go beyond the actual purposes of credit assessment.
Automated decision-making
The use of automated systems to calculate scores raises questions about fairness and transparency. The GDPR requires that data subjects must have the right to a manual review of such decisions. Accordingly, the ECJ has strengthened consumer rights.
Legal judgments on SCHUFA
There are several important judgments regarding the legal framework for claims for damages against SCHUFA. Here are some examples.
Munich I Regional Court: On 25 April 2023, the court ruled that the disclosure of positive data by mobile phone providers to SCHUFA violates the GDPR if there is no sufficient legal basis.
Frankfurt Regional Court: In a ruling dated 19 March 2024, the court found that there is a claim for damages against SCHUFA if positive data was transmitted without a sufficient legal basis.
Tips for consumers
If you consider a SCHUFA entry to be unlawful, there are several legal steps you can take to enforce your rights. Here are the most important steps and tips that can help you clarify your situation and, if necessary, assert claims for damages.
1. Checking SCHUFA data
1.1. Requesting self-disclosure
First of all, you should request your free self-disclosure from SCHUFA. This is possible free of charge once a year and allows you to view all the data stored about you. Check the entries for correctness and completeness.
1.2. Identify incorrect entries
Pay particular attention to entries that may be out of date or incorrect, such as incorrect personal data or contracts that no longer exist. These can negatively affect your creditworthiness.
2. Contacting SCHUFA
2.1. Objecting to the entry
If you notice an incorrect entry, you should immediately object to SCHUFA in writing. Enclose all relevant documents that support your point of view (e.g. contracts, proof of payment). SCHUFA is obliged to review your objection and respond to you within a reasonable period of time.
2.2. Setting a deadline
Set SCHUFA a deadline for clarifying the matter (e.g. two to four weeks). Keep good records of all correspondence.
3. Complain to the supervisory authorities
If SCHUFA does not respond to your objection or does not remove the entry, you can file a complaint with the relevant data protection supervisory authority. This authority can check whether a data protection violation has occurred and take appropriate action.
4. Take legal action
4.1. Action for deletion or compensation
If all other steps are unsuccessful, you can take legal action:
Action for deletion: You can apply to the court for SCHUFA to delete the incorrect entry.
Compensation: According to Art. 82 GDPR, under certain conditions, you are entitled to compensation for immaterial damages (e.g. stress or stigmatisation) as well as for material damages (e.g. higher interest rates due to a poor score). However, concrete evidence of the damage suffered must be provided. In addition, the Federal Court of Justice ruled at the end of 2024 that there is also basic compensation without proof of damage.
5. Tips for enforcing your claims
5.1. Documentation
Keep all relevant documents and correspondence to support your claims. Please do not rely on telephone conversations with institutions or hotline calls. If possible, write letters.
5.2. Legal advice
Use legal advice to ensure that you take all the necessary steps correctly.
5.3. Be aware of deadlines
Be sure to meet all deadlines, especially when filing complaints or lawsuits.
5.4. Seek publicity
In some cases, it can be helpful to draw public attention to your concerns (e.g. through media reports) to put pressure on SCHUFA.
Challenging an unlawful SCHUFA entry requires careful preparation and knowledge of the legal framework. By actively exercising your rights and, if necessary, taking legal action, you may be able to remove an unjustified burden on your creditworthiness and, if applicable, assert claims for damages. It is advisable to seek the assistance of a lawyer in complex cases to ensure the best chance of success.
6. Requirements for compensation – example case
A consumer named Holger Meier from Munich took out a mobile phone contract that also provided for the transmission of his positive data to SCHUFA. After paying his bills on time, he later learned that this information was stored at SCHUFA. He perceived this as an unjustified intrusion into his privacy and sued for damages.
The district court then examined the legal basis for the transmission of his data. Schufa argued that it had a legitimate interest in preventing fraud in accordance with Article 6(1)(f) of the GDPR; however, Meier pointed out that the loss of control over his data had caused him non-material damage. The court ruled in his favour in part; however, it found that the claim for damages was only minor because he had not suffered any demonstrable economic disadvantage.
In order to assert a claim for damages against SCHUFA, several legal requirements must be met. These are based on the provisions of the General Data Protection Regulation (GDPR) and are shaped by the case law of German courts and the European Court of Justice (ECJ). Here are the main points to keep in mind:
6.1. Active and passive legitimation
Right to take action
The right to take action lies with the data subject whose rights have been violated by the data processing. This means that only the person whose data is affected can claim damages.
Right to be sued
The right to be sued lies with SCHUFA or the contractual partner that transmitted the data. These parties are responsible for the data protection violation and can therefore be held liable.
6.2. Violation of the GDPR
A crucial point for the claim for damages is the existence of a violation of the GDPR. This may be the case, for example, if:
positive data has been transmitted without an appropriate legal basis.
The transmission of personal data is not justified by consent or a legitimate interest.
Courts have found that the blanket transfer of positive data without specific cause in particular constitutes a data protection violation (e.g. judgment of the Munich I Regional Court of 25 April 2023).
Under the GDPR, the transfer of personal data always requires a legal basis in accordance with Art. 6 GDPR. Possible justifications are:
Consent of the data subject
Necessity for the performance of a contract
– Legitimate interest of the data processor
In particular, justification on the basis of a ‘legitimate interest’ is often disputed and requires a balancing of the interests of the data processor and the fundamental rights of the data subject.
6. 3. Damages
The right to compensation does not require proof of specific damage. In addition to the basic amount of damages, this can be increased due to specific damage. This can be both material and immaterial in nature:
Material damage: This could primarily be a financial loss directly attributable to the incorrect entry.
Non-material damage: This is intangible damage such as stress, stigmatisation or an impairment of living standards. The ECJ has made it clear that a mere loss of control over one’s own data is not sufficient; concrete evidence of an adverse effect must be provided.
On the other hand, the Federal Court of Justice ruled in the proceedings regarding the Facebook data leak that a loss of control over one’s own data does constitute non-material damage (judgment of 18 November 2024, ref. VI ZR 10/24).
6.4. Causality and fault
Causality
The damage must be causally attributable to the data protection violation. This means that you must prove that the registered error at SCHUFA directly led to the damage you suffered.
Culpability
The data processor (in this case SCHUFA or the transmitting contractual partner) must have behaved culpably. This could have occurred, for example, through negligence or deliberate disregard of data protection regulations.
6.5 Burden of proof
The burden of proof for the damage generally lies with the data subject. You must demonstrate that the data protection violation has caused specific damage and that there is more than just general dissatisfaction or annoyance.
6.6 Complexity and requirements for assertion
In summary, it can be said that asserting a claim for damages against SCHUFA is complex and several requirements must be met:
1. active and passive legitimation
2. Proof of a violation of the GDPR
3. Concrete material or immaterial damage
4. Causal link between the violation and the damage
5. Culpable behaviour of the data processor
6. Clarification of the legal basis for the data transfer
It is advisable to seek legal advice in case of uncertainty in order to effectively enforce your claims and to take all necessary steps correctly.
7. Deletion of negative SCHUFA entries – deadlines and options
7.1. Types of SCHUFA entries
The SCHUFA stores both positive and negative information about consumers.
Negative entries arise from:
- Unpaid bills: Outstanding debts that have not been paid over a long period of time.
- Loan cancellations: Loans that have been cancelled by the bank due to payment arrears.
- Enforceable claims: If the courts have ruled on the claim. The judicial dunning procedure is sufficient.
- Entries in the central debtor directory: Among other things, failure to provide information on assets. Also known as an ‘affidavit’ that is submitted in the context of a foreclosure.
- A large number of credit enquiries: A large number of credit enquiries seems to have a negative influence on the score.
The catalogue of § 31 II BDSG can be used as a guide here.
7.2. Legal deletion periods
Personal data used for the purpose of assessing creditworthiness may be stored for as long as is necessary for the purposes for which it is stored. Data from credit reference agencies is stored for the purpose of assessing the creditworthiness of the persons concerned. It must therefore be deleted at the latest when it is no longer of any reliable significance for the creditworthiness. This is stated in Art. 5 Para. 1 (e) of the GDPR. At this point in time, the controller, in this case SCHUFA, is obliged to delete the data in accordance with Art. 17 (1) point a) GDPR. There is no clear legal regulation governing the storage period for data used to assess creditworthiness.
The situation is somewhat different with regard to entries that have been settled or transferred from the debt register. The deadlines vary depending on the type of entry:
Settled claims: After a claim has been settled in full, the entry usually remains for another three years. The deletion takes place exactly three years after settlement. This is based on the rules of conduct for the review and storage periods for personal data by German credit reference agencies.
Residual debt discharge after insolvency: Since April 2023, the residual debt discharge has only been stored in the SCHUFA for six months.
Other data from the debt registers: These are stored for as long as they remain in the debt register.
7.3. Early deletion of entries
Under certain circumstances, negative entries can be deleted earlier than usual. These include:
Unauthorised entries
If an entry is demonstrably incorrect or unauthorised, the consumer has the right to demand immediate deletion. Consumers should:
1. Contact the creditor and provide evidence of the error.
2. Inform SCHUFA of the facts and request deletion.
Settled small claims
Small claims of up to €2,000 that have been paid in full within six weeks can be deleted early. The prerequisite is that no other negative entries exist.
Goodwill settlement
In some cases, creditors can have entries deleted on a goodwill basis, for example if:
- The claim was settled within 100 days.
- At least 18 months have passed since the payment and there are no other negative entries.
To do this, the creditor must actively request the deletion.
7.4. Legal support
In complex cases, such as disputes about the legality of an entry, the support of a specialised lawyer can be helpful. A lawyer can:
- Enforce claims for deletion.
- request that creditors or SCHUFA correct the data or pay compensation.
7.5 Case studies and examples
A consumer found that an incorrect entry remained in the SCHUFA database for almost two years despite a request for deletion. The court awarded the affected party damages and underlined the importance of a quick deletion process.
8. Deletion of the Schufa entry due to a ‘special situation’ according to Article 21 GDPR at Schufa
Article 21 of the General Data Protection Regulation (GDPR) grants every data subject the right to object to the processing of their personal data on grounds relating to their particular situation. In the context of Schufa, this means that under certain circumstances you can object to the processing of your data by Schufa.
8.1. What is a ‘particular situation’?
A ‘special situation’ is an individual life situation characterised by specific circumstances that result in the processing of your data having particular disadvantages for you. These disadvantages must be specifically explained and plausibly justified.
Examples of possible special situations:
Discrimination: If you fear that the data processing will lead to discrimination, for example when looking for a flat or a job.
Identity theft: If you have been a victim of identity theft, this may constitute a special situation.
Surveillance: If you feel that you are being excessively monitored as a result of the data processing, this may also constitute a special situation.
Religious or political beliefs: If the data processing conflicts with your deeply held beliefs, this may be considered a special situation.
Health reasons: If the processing of your health data leads to discrimination or endangers your health, this is considered a special situation.
8.2. How can I demonstrate my special situation?
Specifically and in detail: Describe the specific effects of the data processing on your life situation.
Plausible reasoning: Explain why your situation is to be regarded as special and which of your interests are affected.
Supporting documents: If possible, enclose any documents that support your claims (e.g. medical certificates, police reports).
8.3 Important information
Individual assessment: Whether a situation is considered ‘special’ is assessed on a case-by-case basis.
Weighing up: Schufa has to weigh up your interests against its own interests.
Legal advice: If in doubt, seek legal advice.
9. Effects of deletion
The deletion of negative entries has a positive effect on:
Creditworthiness: Consumers receive better terms for loans and contracts.
Financial flexibility: Better chances of getting a rental contract or credit cards.
Reputation: A clean SCHUFA report indicates reliability.
Conclusion: Delete negative SCHUFA entries – this is how you protect your rights and improve your financial future
The deletion of negative SCHUFA entries requires a sound knowledge of the legal basis and a structured approach. Consumers should regularly check their SCHUFA data and act promptly to avoid mistakes or have them corrected. In complex cases, legal support can help to restore creditworthiness and prevent financial disadvantages.
But consumers are not defenceless: they have the right to inspect, correct and delete incorrect data. With a systematic review, timely appeal and, if necessary, legal support, unjustified entries can be successfully challenged. The legal framework, in particular the General Data Protection Regulation, offers consumers strong tools to enforce their rights and protect their creditworthiness. Those who actively manage their SCHUFA data minimise risks and create the basis for a stable financial future.
Author: Dr. Thomas Schulte, Attorney
Contact:
Dr. Thomas Schulte Law Office
Malteserstraße 170
12277 Berlin
Telephone: +49 30 221922020
Email: dr.schulte@dr-schulte.de
The law firm of Dr. Schulte, Rechtsanwalt, has been successfully practising civil law since 1995, specialising in the areas of internet, reputation and competition law. It represents the interests of individual investors throughout Germany. You can find additional sender information with the law firm’s location in the imprint on the website www.dr-schulte.de.
some information in German language
Schadenersatzansprüche gegen die Schufa bei Datenübermittlung
Warum darf die Schufa meine Daten speichern? – Schufa Eintrag löschen