Schufa

Schufa Holding AG (Schutzgemeinschaft für allgemeine Kreditsicherung; English: General Credit Protection Agency ), proper spelling SCHUFA, is a German private credit bureau supported by creditors. It has its headquarters in Wiesbaden, the capital of Hessen, Germany.

Schufa's purpose is to protect its clients from credit risks. It also offers protection from insolvency to borrowers.

Schufa has 943 million records on 67.7 million natural persons, and 6 million companies. Schufa processes more than 165 million credit checks each year. Of those, 2.5 million are self-checks by citizens. Schufa employs 900 people (as of 2019). In 2016 Sales amounted to approx. 190 million Euros.

History
At the beginning of the 20th century, the Berlin city electric company (BEWAG) offered household appliances for sale on installment plans. At the time, the financing was compared with electric bills and only regularly paying customers would be supplied with appliances. This started a system for assessing payment behavior.

With the experience they gained from BEWAG, Walter and Kurt Meyer, along with Robert Kauffmann established the Schutzgemeinschaft für Absatzfinanzierung (English: Protective Association for Sales Financing) in 1927. Soon after, 13 more regional credit bureaus were formed in Germany. In 1952, the 13 West German credit bureaus were merged into Bundes-Schufa e. V.

Bundes-Schufa e. V. changed its name in 2000 to Schufa Holding AG and in 2002 acquired the shares of the 8 regional credit bureaus. The board of Schufa Holding AG is made up of three members, and the supervisory board has 9 members, 3 of which are Schufa employees.

Data protection
In the 1970s, Schufa migrated to electronic records, which then fell under the German Federal Data Protection Act when it came into force in 1979.

On a case brought by the Berlin consumer protection society (Verbraucherschutzverein), the Federal Court of Justice of Germany gave the so-called "Schufa decision", ruling that personal data could not be given to Schufa without the customer's consent. This regulation was rendered obsolete by the introduction of the General Data Protection Regulation (GDPR), which states that the legitimate interest of the company alone is sufficient to transfer data to Schufa.

Data protection
Responding to Schufa’s expansion into new areas of business such as the housing and insurance sectors, as well as debt collection, the German Data Protection Office and several regional Data Protection Officers issued a joint press statement on 15 May 2003 in which they warned against the risk that Schufa was evolving into a privately controlled central database. According to the joint press statement, each additional data source was moving ever closer “to a detailed Personality Profile of the individuals affected” This would make a reality of the “transparent citizen”

Wrong data
In 2009 the German Ministry for Consumer Protection (Bundesverbraucherschutzministerium) undertook a study of the error rates of various credit bureaus, and identified a very high error rate at Schufa.

Consumer watchdog Stiftung Warentest had already conducted an investigation in 2003 which concluded that many items (69%) of Schufa data were incomplete, out of date, or wrong. In 2010 the organisation checked a new sample and concluded that 1% of the data held by Schufa were wrong, 8% were out of date and 28% were incomplete. The Schufa business model is clearly based on a so-called “reciprocity principle” whereby the company’s business partners are contractually required to report data updates.