# Article 22: automated decisions and your right to a human review

*Source: https://credicorp.co.uk/article-22-automated-decisions-and-your-right-to-a-review/*

More and more decisions — from loan applications to job screening — are made or assisted by software. That raises a fair question: if a computer decides something important about you, can you ask a person to look again? UK data-protection law has a specific answer to this, found in Article 22 of the UK General Data Protection Regulation (UK GDPR). This article explains what Article 22 says in plain English, what it does and does not cover, and how it connects to the way we make lending decisions. It is general commentary, written so you understand the right and how to use it.

## What Article 22 says

Article 22 of UK GDPR deals with what it calls “automated individual decision-making”. In broad terms, it gives a person the right not to be subject to a decision based *solely* on automated processing — including profiling — where that decision produces legal effects concerning them or similarly significantly affects them.

Two words in that sentence do a lot of work. The first is “solely”: Article 22 is about decisions made entirely by automated means, with no meaningful human involvement. The second is “significantly”: it bites on decisions that have a serious effect on a person, which a credit decision can. Where the right applies, the law expects safeguards — in particular, the ability to obtain human intervention, to express your point of view, and to contest the decision.

## What it does and does not cover

It is important to be precise here, because Article 22 is often described more broadly than it actually operates. The right is focused on decisions made *solely* by automated processing. Where a real person is genuinely involved in reaching the decision, or reviews it meaningfully, the decision is not “solely” automated, and the specific Article 22 restriction is not engaged in the same way.

There are also limited situations in which solely automated decisions are permitted — for example, where they are necessary for entering into a contract — but even then the law requires safeguards, including a route to human review. The practical upshot for any borrower is the same: you should be able to ask a person to look at a significant decision about you, and to understand the basis for it.

It is worth separating this from financial regulation. Article 22 is a data-protection right; it applies to how a decision is made about your personal data. It does not change the fact that our lending to a company is outside FCA consumer-credit regulation, and it does not bring in the Financial Ombudsman Service or the Financial Services Compensation Scheme. Those are different regimes addressing different things.

## How we make lending decisions

We use technology to help assess applications quickly — it is part of how we can often reach a decision fast. But speed is not the same as handing the decision entirely to a machine with no way back. We explain our approach on our [how we lend page](/how-we-lend/), including the information we look at: the company’s business credit file, its turnover and bank-account history, and an identity check on the director. Affordability is assessed on the company, not on the director’s personal income.

Crucially, where an application is declined, you are not left with a closed door and no explanation. You can ask us to review the outcome, with a person involved. We set out exactly what that looks like — and what you can do next — in our guide to [what happens if your application is declined](/support/what-happens-if-your-application-is-declined/). That human-review route reflects the spirit of Article 22: a significant decision should not be the final word of an algorithm alone.

## Using the right in practice

If you ever want to understand or challenge a decision we have made, start with the decline guide above, which explains how to ask for a review. If your question is specifically about the personal data behind a decision, our [privacy notice](/privacy/) explains how we process it and how to raise a data-protection query.

Automated tools can make lending faster and more consistent, which is good for applicants. But the law rightly insists that a person remains reachable when a decision matters. We agree with that principle, and we build a human-review route into our process precisely so that the answer to “can a person look again?” is yes.

---

Credicorp Limited — UK lender to limited companies (Company No. 16093826). credicorp.co.uk