Institutional Framework

The establishment and operation of the Central Credit Register was introduced by Law 4972/2022 (Government Gazette A 181/23.09.2022). The Law specifies, inter alia, the aim of the establishment of the CCR, its scope and its interoperability with other registers and/or information systems. Moreover, it outlines the basic framework for the operation of the CCR, placing particular emphasis on the provision and processing of credit information, on access to data and on the application of the relevant personal data protection legislation. Finally, it authorises the Governor of the Bank of Greece to issue Acts determining specific operational issues of the Central Credit Register.

Law 5042/2023 (Government Gazette A 88/10.04.2023) and, in particular, Articles 61, 62 and 63 thereof amended certain provisions of Articles 113, 115, 118 and 122 of Law 4972/2022.

As explicitly specified in Law 4972/2022, the GDPR and Law 4624/2019 (Government Gazette A 137/29.08.2019) apply to all processing of a natural person’s data, especially credit information that is collected and held in the Central Credit Register. In this context, debtors are granted specific rights, and corresponding obligations are assigned to the Bank of Greece in its capacity as data controller. Credit information subjects (debtors) are entitled to exercise all of their rights set out in the GDPR and Law 4624/2019.
To comply with the obligations arising from the GDPR and Law 4624/2019, the Bank of Greece, acting as data controller, is responsible, among other things, for:

• Transmitting, retaining and processing data in a way that safeguards the integrity, confidentiality and availability of information, through the design and technical implementation of the integrated information system of the Central Credit Register and its online connection to creditors.
• Confirming identification information and the specified purpose of data processing in cases of interoperability between the Central Credit Register and other registers, authorities or information systems.
• Retaining data, after the period of ten (10) years has expired, in an anonymised form.
  Moreover, access to CCR data is permitted only to persons specified in Article 117 of Law 4972/2022, namely:
• The Bank of Greece and the ECB, to the extent necessary, for carrying out their tasks;
• Credit information subjects, having access exclusively to data concerning them personally;
• Creditors, with access limited to data concerning their debtors, as well as potential debtors that have applied for credit, for the sole purpose of managing credit risk and improving the quality of credit data;
• The Hellenic Data Protection Authority, as well as judicial and prosecutorial authorities, while performing their tasks.

Finally, Article 6(2) of Governor’s Act No. 2697/11.12.2025 stipulates that in case the data provider is not a creditor but acts as a reporting agent to a creditor, such provider is not entitled to use the data transmitted for own purposes, but only for the purposes that are in line with the Central Credit Register.

As regards the handling of personal data, learn more here.

According to the enabling provisions of Law 4972/2022 (Article 122), individual issues regarding the operation of the Central Credit Register are further specified by Bank of Greece Governor’s Acts. In this context, Governor’s Act No. 2691/30.06.2023 was issued, which was subsequently replaced by Governor’s Act No. 2697/11.12.2025, which sets out the following:

 

• Data providers – Creditors
• Terms and conditions on data reporting to the CCR
• Credit thresholds for data reporting
• Technical details and operating specifications
• Ensuring the confidentiality of CCR data
• Ensuring the accuracy, completeness and validity of CCR data
• Access to the CCR and credit reports
• Application of legislation on personal data protection
• Pricing of CCR services
• Implementation stages and first data reporting
• Sanctions
• Any other details conducive to or necessary for the operation of the CCR

 

Pursuant to Article 112(4) of Law 4972/2022, the CCR interoperates with GR-AnaCredit, the analytical credit dataset that is operated by the Bank of Greece under Governor’s Act No. 2677/19.05.2017 and which is used to collect information on loans granted by credit institutions to legal persons.

In order for the CCR to make good use of credit data collected and stored in the GR-AnaCredit Dataset and with a view to achieving synergies, preventing a further reporting burden on credit institutions and meeting the additional data collection needs for the purposes of the CCR, the abovementioned Act was revised by the amending Governor’s Act No. 2692/30.06.2023.

In accordance with the above amending Act, the GR-AnaCredit

Governor’s Act No. 2698/12.12.2025 “Rules of Procedure of the Central Credit Register” further specifies the procedures that govern the Central Credit Register and, in particular, how credit information subjects and creditors interconnect and communicate with the CCR, as well as how credit reports are provided to credit information subjects.