The European Payments Council (EPC) has published an infographic setting out the main ways in which the General Data Protection Regulation (GDPR) will affect payments and payment service providers (PSPs). It says that when it comes to data privacy, payments might be one of the most sensitive areas for consumers. Some of the new obligations on PSPs involve processing data with the customer's consent, but processing is also permitted in the following circumstances:
- to ensure the performance of a contract;
- to comply with a legal obligation;
- to safeguard a data subject's vital interests;
- for the purposes of legitimate interests (except when this is overridden by the interests and rights of the individual).
The infographic also highlights an important distinction between GDPR and the revised Payment Services Directive (PSD2), noting that the notion of 'sensitive payment data' under PSD2 shouldn't be confused with the special categories of data under GDPR. Under PSD2, PSPs can access, process and retain data only for the provision of the specific services and with the explicit consent of the user. Under the GDPR, however, consent is just one of the possible grounds for processing personal data.