The Second Payment Services Directive (PSD2) is a fundamental piece of
payments-related legislation in Europe, which entered into force in January
2016. PSD2 requires payment service providers to make significant changes
to existing operations. Close on its heels is the General Data Protection
Regulation. These regulations aim to increase competition, enable open
data sharing and put customers in control of their data and how it is used.
Now is the time to begin assessing aspects of business operations to identify
the potential impact of PSD2 and GDPR.
SECOND PAYMENT SERVICES DIRECTIVE
WHAT ARE THE AIMS OF PSD2
1) Protection - Better protect consumers when they pay online.
2) Promotion - Promote the use of innovative and emerging technologies
for online and mobile payments.
3) Processing - Make payments safer and more secure.
WHAT ARE THE IMPACTS OF PSD2
1) Increased Competition – A streamlined process to obtain licenses
for new entrants will increase competition.
2) Increased Security – The requirement to have Strong Customer Authentication
will reduce the risk of fraud.
3) Access to Data/Data Sharing – Operational and systems impacts
to enable Payment Service Providers' access to data via new secure
and direct data links. The third-party data sharing
environment envisaged under PSD2 will have significant overlaps with GDPR
(General Data Protection Regulation).
GENERAL DATA PROTECTION REGULATION
GDPR follows PSD2 and gives consumers more control over how personal data
is used. Organisations cannot simply gather data without good reason,
and must prove they are doing all they can do to protect it. The impacts
are wide-reaching and are very much aligned.
WHAT ARE THE AIMS OF GDPR
Protection - Better protection from privacy and data breaches.
Transparency - Easier for consumers to understand how their data is being used.
Consent - Must be as easy to withdraw consent as it is to give consent
and consent must be explicit.
PREPARING FOR IMPLEMENTATION
Impact assessments should be completed on all aspects of business operations
to assess the potential impact of PSD2 and GDPR:
- Fraud Strategies
- Security and Risk Management
- IT systems
- Products and Services
- Staff Training
- Process and Procedures
- Customer Journey
- Marketing Materials
- Complaints and Dispute Resolution
- MI and Reporting