In this statement, we outline our views on several CJEU cases that can shape the regulatory framework for the provision of credit referencing services in the internal EU market. In our opinion, cross-border access to credit databases will only be meaningful if the rules applied to credit information agencies are applied reasonably consistently throughout the European Union. The GDPR provides for the opportunity to further develop a harmonised framework through interpretation. Codes of conducts in line with the GDPR can shape harmonisation effectively.