PSD2 & GDPR Forum 2018

PSD2 & GDPR Forum 2018 

Park Plaza Victoria


Date: February 19 - 20, 2018

2018 has been rightly dubbed as the “Year of PSD2 and GDPR” when these two major regulations will go live in Europe Union at approximately same period.

At first glance, these seem like two different regulations, with some crossover, as both the regulations have similar features. However, according to legal experts these two regulations are set on a collision course as they are also conflicting with each other and could create confusion among banks and other entities. On one hand PSD2 is focussed on driving competition between the payment providers by opening up their APIs allowing Third Party Providers (TPPs) on other hand GDPR aims to strengthen and consolidate data protection for all individuals by giving them more control of their personal data. While PSD2 is promoting data sharing, the GDPR is endorsing data privacy. PSD2 promotes competition as it favours non-bank financial service providers.

There seems to be lack of clarity on what constitutes sensitive payment data which can create challenges for interpretation and implementation leading to increased risk of non-compliance. Also, since PSD2 does not name any penalties for non-compliance and GDPR non-compliance can lead to maximum penalty of 4% of annual global turnover. This can lead some banks to give GDPR compliance greater priority over PSD2.