Credit Information Office Of Licensing And Monitoring Provisions

Original Language Title: Kredītinformācijas biroju licencēšanas un uzraudzības noteikumi

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: https://www.vestnesis.lv/op/2015/108.6


Cabinet of Ministers Regulations No. 267 in Riga 2 June 2015 (pr. No 27. § 18) credit information Bureau of licensing and supervisory provisions Issued under the credit information Bureau article 8 of the law, the second and third part i. General questions 1. determines: 1.1. requirements the company so it could get a license for the operation of the credit information Bureau (hereinafter licence), including the requirements for liability insurance; 1.2. the arrangements for the issue, suspend, and revoke the re-registered at the license, renew, suspend a license and for the amendment of the licence; 1.3. the order in which the State fee payable for the issue of the licence and its renewal and annual State fee for the credit information Bureau's oversight of operations, as well as the amount of State fee. 2. the State inspection of the data before making a decision on the issue of the licence, renewal, suspension or cancellation is entitled to provide company or credit information Bureau for guidance on the scope of the activities to be carried out to ensure that the shares of the company or credit information Bureau and its compliance with the requirements of this regulation. 3. the data state inspection within three working days after the decision, but not later than one working day before the date of entry into force of the decision on its website placed: 3.1. information about the credit information Bureau, who has received a license, giving information about the activities for which the licence was issued; 3.2. information about the credit information Bureau issued the licence renewal, suspension, cancellation or suspension of licence renewals, as well as the amendment of the licence. II. Requirements regarding the licence, validity and liability insurance 4. for license, as well as the validity of the licence at the time the company must meet the following general requirements: 4.1 it is registered the business regulatory laws in accordance with the procedure laid down in the Republic of Latvia or another European Union or European economic area Member State (if the company is founded in Latvia, it is registered in Latvia branch); 4.2. it is registered to the processing of personal data or personal data protection officer in accordance with the laws of natural persons in the field of data protection. Shares of the company's application for a license may be submitted together with the application for the processing of personal data or personal data protection specialist registration; 4.3. it does not have tax debt (including State social security payment of debt), which exceeds the total amount of 150 euro; 4.4. it does not have a specific prohibition of the practice in the area of financial services; 4.5. the last three years it has not withdrawn the license issued, except in the case where the licence withdrawn at the request of the company; 4.6. in the past year are not penalized for violation of essential administrative business or individual in the field of data protection. 5. to get the license, as well as the period of validity of the license of the company's shareholders (founders), Council and Board members must meet the following requirements: 5.1 each shareholder (founder), who own more than five percent of the shares of the company stock, has impeccable reputation; 5.2. Council and members of the Administrative Board is flawless reputation, the Office requires education and three years of professional work experience in similar duties; 5.3. the Council and the members of the Management Board shall not have been convicted of an intentionally committed criminal offence (whether criminal or removal of deletion); 5.4. when the Council and Board members have been prosecuted for an intentional criminal offence, it is terminated to the person reabilitējoš; 5.5. the Council and the members of the Management Board in the past year are not penalized for administrative offences in the economic or the physical person in the field of data protection. 6. If the company is founded in Latvia and the provision of services in Latvia it has registered a branch office, then the requirements that apply to the company's Board and the members of the Board, is relevant to the person, or persons, who heads the branch in Latvia. 7. the requirements relating to the company's liability insurance: 7.1 the Corporation has a valid liability insurance contract throughout the period of validity of the licence, and it meets the following requirements: 7.1.1 insurance object is a credit information Bureau, civil liability for direct damages to third parties caused by the Act or omission in connection with the handling of credit information; 7.1.2. minimum liability limit is 50 000 euro a year, and should not exceed 1500 euro per one insurance event; 7.2. the cost of claims by third party credit information Bureau within five working days of the renewed insurance against civil liability in respect of the minimum limits of liability. 8. The company's information systems and the processing of personal data (hereinafter the system) security and organizational management under the regulations on the physical protection of personal data and the Latvian National Standard EN ISO/IEC 27001: "information technology for 2014 L. Security techniques. Information security management system. Requirements "and is certified by an external audit report (audit report), which assesses the company's compliance with the requirements of this regulation. 9. Audit report to prepares: 9.1 before receiving a licence; 9.2. every 12 months, counting from the date of receipt of the licence; 9.3. the State inspection of the data request. 10. the Audit report shall be prepared by the expert included in the data State Inspectorate website established on the published list, based on the following requirements experts (hereinafter expert): 10.1. He has the technical capabilities, the necessary knowledge and at least five years of experience, establishing information systems, safety equipment and procedures, the processing of personal data and the protection of the laws and regulations of the compliance requirements and generally accepted good practice principles; 10.2. He is legally and financially independent of the company and its shareholders from the company's indirect shareholders, which control more than 5 percent of the shares of the other Latvian and foreign economic operators that are in one group with shares in the company, and the data state inspection; 10.3. He did not deal with the information system and other information technology production and delivery, which are used by the credit information Bureau for the provision of information. 11. If the expert finds in the course of the audit that the company knowingly provided false information that could affect your credit information activities of the Office, the examiner notifies the data State Inspectorate. 12. Expert providing audit information gained in the course (except for publicly available information). III. Licence and re-registering 13. To get the license, the company shall submit an application in the data State Inspectorate. The application specifies the following information (adding it to the supporting documents): 13.1. details of applicant (company name, registration number, registered address, phone number and e-mail address); 13.2. the shareholders who own more than five percent of the shares of the company; 13.3. If shares of the company or a member of the Board of the Council is an alien, the certificate of criminal and administrative criminal record issued by the country of residence of the person in authority that maintains information about criminal convictions in accordance with national law. The certificate must be issued no earlier than three months before the submission of the licence application; 13.4. If the application is lodged by a foreign company, which Latvia has registered affiliate, the national tax authorities or the competent authorities of the purported statement that a corporation does not have a tax debt (including State social security payment of debt), which exceeds the total amount of 150 euro; 13.5. information which contains at least the following: 13.5.1. connection diagram of computer network equipment and servers to be used; 13.5.2. server data storage devices and network equipment (including model names); 13.5.3. use software a list of versions; 13.5.4. equipment location address; 13.6. system security policy, security and terms of use; 8.5. the risk assessment document. It indicates the following: 13.7.1. the scope of the system; 13.7.2. identifying the risk of impact on the performance of the system (including the evaluation of the risk of joining the probability, material and immaterial losses), the impact on system availability, confidentiality of the data; 13.7.3. If system security breach occurred, in addition to the following details: 13.7.3.1. countermeasures to prevent such infringement; 13.7.3.2. protection features that will be used if the information system security violations recur; 13.7.3.3. not listed resolve risks; 13.7.3.4. list of required improvements (showing them in order of priority); 13.8. the audit report; 13.9. information demonstrating compliance with the joint stock companies that rule 5.1, 5.2 and 7 under these requirements. 13.10. information about the credit information of the sources, as a joint stock company plans to obtain credit information, credit information as well as the categories of beneficiaries; 13.11. the confirmation that personal data processing, information systems, facilities and procedures to comply with the rules and credit information Bureau. This receipt is issued by the joint stock company, which defines the purpose of the processing of personal data and the processing facilities and is responsible for the processing of personal data; 13.12. If shares of the company or any of its elements for the action (for example, equipment or infrastructure) is located outside the Republic of Latvia, the document that substantiates that the national authorities will be able to perform the credit information Bureau for the supervision of the outside activities of the Republic of Latvia concerning credit information activities of the Office in Latvia, or those elements that are outside the Republic of Latvia. 14. in order to make a decision on the issue of the licence, the data State Inspectorate collects the following information: 14.1. from the State revenue service – this provision of the information referred to in point 4.3; 14.2. the register-current information about the company, its Board and members of the Council; 14.3. of the Interior Ministry's information center maintained a fine record, this rule 4.4, 4.6, 5.4 and 5.3, 5.5. information referred to in point; 14.4. other information referred to in this paragraph or other authorities required to assess the company's compliance with the requirements of this regulation. 15. the data State Inspectorate on the issue of the licence or a refusal to grant a licence shall be adopted within one month of the date of receipt of all this provision in paragraph 13 and 14 that information and documents. 16. If the application is not accompanied by all the documents referred to in these provisions or do not provide all these provisions in paragraph 13 and 14 that information, or the information provided is incomplete or inaccurate, or documents not issued according to law, or require additional information for the decision, the State Inspectorate in writing inform the company, indicating the deadline by which the company the documents or information must be submitted and extended this provision referred to in paragraph 15, the adoption of the decision. 17. the data state inspection after the evaluation of the information shall take a decision on the refusal to issue a licence if: 17.1. shares of the company, its shareholders, or members of the Executive Board of the Council does not meet the requirements of this regulation; 17.2. limited company data state inspection has not delivered within the time limit indicated in the relevant documents or information; 17.3. the information received does not give data State Inspectorate in the belief that it will be able to carry out surveillance of the Bureau of credit information in accordance with the procedure prescribed by law and the amount; 17.4. not paid the State fee for the issue of licences for the operation of the credit information Bureau. 18. the State Inspectorate of its information and documentation shall be entitled to take a decision on the refusal to issue a licence if: 18.1. joint stock company supplied false information, and it has an impact on the company's compliance with these rules; 18.2 licence documents submitted or the information they contain does not comply with the statutory requirements, but it does not have a significant impact on the company's compliance with these rules. 19. A license may be issued in electronic form of a document, if the company made such a request. 20. the State Inspectorate decision of licences shall indicate the date of entry into force. 21. With a view to re-registering the license, credit information office no earlier than 4 months and not later than two months before the licence expires, submit national data inspection of the application for license renewal. Data State Inspectorate's application for licence renewal considered at the same time and in the order in which the appearance of the original licence application. 22. If any of the documents or information is already public data at the disposal of the inspection with complete and up to date content, the document or information may submit evidence that the data state inspection earlier in the document or information submitted, no changes. IV. Changes in the duration of the license, the license suspension and cancellation 23. If the license is changed during operation, the information specified in the credit information Bureau issued the licence (company name or registered address), credit information Bureau within three working days after the entry into force in the State inspection of data submitted in the application for the necessary amendments to the licence. The application shall be accompanied by documents proving the facts referred to therein. 24. the State Inspectorate within 10 working days after this provision in paragraph 23 of this disclosure shall take a decision on the amendment of the licence or a refusal to amend the licence. If the decision requires additional information or verification of information, the time limit may be extended up to 30 days. 25. If during operation there is a change in the provisions of chapter II requirement referred to in the enforcement of these provisions or paragraph 13 referred to documents or information, credit information Bureau within 30 days from the date of the change, submit the data State Inspectorate for them by adding changes to the supporting documents and information. If a change of system security and organizational governance enforcement that does not affect the protection of personal data and the security of information, credit information Bureau for information about submitting data during the year the State inspection. 26. the changes in the national inspection of the data previously provided information that affect this rule 4.1 referred to requirements, change this rule 13.2 and 13.12. documents referred to in the credit information Bureau information or inform the data State Inspectorate for at least 15 days before their entry into force. 27. If a person wishes to become a credit information Bureau, with the participation of shareholders at least five percent of the share capital of credit information Bureau, Council or Board Member, a person on it for a month before notifying the data state inspection and submit any required documents justifying its compliance with the requirements of this Regulation as regards the credit information Bureau, Council of shareholders or Board member. 28. the data state inspection month after receiving all the necessary documents, provide the person who wants to become a credit information Bureau, with the participation of shareholders at least five percent of the share capital of credit information Bureau, Council or Board Member, views about whether it meets the requirements of this Regulation as regards shareholders, Council or Board member. 29. the State Inspectorate is empowered to take a decision on the credit information Bureau, the license suspension for up to six months if: 29.1. credit information Bureau, its shareholders, or members of the Executive Board of the Council does not comply with this provision the requirements of chapter II; 29.2. credit information Office repeatedly has not submitted data in its public inspection documents requested and the information credit information Bureau inspection or cooperate with data State Inspectorate; 29.3. credit information Office does not comply with the credit information Bureau, this provision of the law or the requirements of the laws of the physical person in the field of data protection, or does not run Office for credit data binding data State Inspectorate decision of its deadline; 29.4. credit information office late payment of taxes, duties or other compulsory payment is greater than 150 euro and the payment delay exceeds the period of one month after the expiry of the period for payment; 29.5. the annual State fee for the credit information Bureau's oversight of operations. 30. If the credit information Bureau has prevented a data State Inspectorate's decision on the suspension of the licence of any irregularities, the data state inspection decision for the renewal of a licence shall adopt within 10 working days from the date of credit information Bureau or other authority has provided the data state inspection of all relevant information proving the infringement ceases. If the decision requires additional information or verification of information, decision, the time limit may be extended up to 30 days. After the licence is in force to restore its original license expiration date. 31. the State inspection immediately after the decision on the licence renewal of the suspended in writing notify the credit information Bureau. 32. the data State Inspectorate shall decide on the withdrawal of the licence, if: 32.1. credit information Bureau during the year after the data State Inspectorate for a decision on the issue of the licence is not launched a credit information Bureau, or it has ceased operations of the Bureau of credit information for more than six months. This period does not include the period of validity of the data state inspection decision on credit information Bureau for the suspension of the licence; 32.2. credit information Bureau has filed an application with the request to revoke the license; 32.3. credit information Bureau has been declared bankrupt or has taken its shareholders decision to open winding-up proceedings; 32.4. the Court ruling has been adopted or the commercial register includes information on the termination of Office for credit information; 32.5. the license has been suspended for the time and credit information office this time not prevented a breach for which the license was suspended. 33. If the credit information Bureau during the year after the data State Inspectorate for a decision on the issue of the licence shall not initiate credit information office action or is it ended the credit information activities of the Office for a period of more than six months, it shall immediately inform in writing the data state inspection. 34. the data State Inspectorate is empowered to take a decision on the withdrawal of the licence, if: 34.1. credit information has been found essential for the activities of the Office, other commercial or individual data protection regulatory laws; 21.3. credit information Office repeatedly during the year to fulfil the data state inspection decisions or instructions; 21.3. credit information Bureau knowingly provided data State Inspectorate for false information about this rule referred to in chapter II requirements. 35. the State Inspectorate in the decision on the suspension or withdrawal of the license shall specify its entry into force. V. the State fees and payment arrangements 36. State fees for issue of the licence is 9100. Government fees for license renewal is 4550. This fee shall be paid before the submission of the relevant application data State Inspectorate. 37. The annual State fee for the credit information Bureau is supervising 16 220 euro. This fee shall be paid within one month of the issue and further each year up to the date when the licence has been issued. 38. the national credit information Bureau, the fees of a service provider with a credit institution or a body that has the right to provide payment services, specifying the purpose of the payment, the State fee for the issue or renewal of the license or the credit information Bureau's oversight of operations. 39. State fee, including the State general revenue account in the Treasury. 40. If the data State Inspectorate shall refuse to issue a licence or renewal, this provision in paragraph 36 of the State fee shall not be refunded. 41. If a license is revoked, the company paid the State fee for the issue or renewal of the license or the credit information Bureau supervision shall not be refunded. The Prime Minister is the Minister of Justice of Rashness Newsletters amber is Rasnač