The responsibility for compliance with the Credit Information Act lies with the credit information company.
For example, they are responsible for ensuring that the person to whom the company provides credit information has a legitimate need for the information. Certain provisions of the Credit Information Act are considered so important that it is punishable not to comply with them. This applies, for example, if someone conducts credit information activities without being entitled to it or if someone discloses personal information without there being any legitimate need. The person responsible can then be sentenced to a fine or imprisonment.
Source: Datainspektionen