Does the PSD2 SCA mandate in payment processing prevent fraud under GDPR Recital 47?

It can be difficult for Compliance teams to balance these new legal obligations, especially as the laws that created them appear to have conflicting aims. The PSD 2 seeks to drive the transition to a more secure digital, “Open Banking” style ecosystem, while the GDPR significantly restricts efforts to collect and process data about customers online. 

While it can be hard to understand when different conditions apply, regulators use very specific phrasing that can provide guidance when conflicting interests are in play. 

Unfortunately, for most people parsing through legal and regulatory verbiage and deciphering exactly what it all means is no simple task. As the pace of digital business ramps up, companies can ill afford to waste time being uncertain. 

Some insights from GDC’s Compliance Advisory Board...

In this Whitepaper, the CAB goes point by point through relevant sections of PSD 2 and GDPR, explains each of the terms, providing examples to illustrate when and how to apply them.

Key questions: 

• What constitutes a “legitimate interest” for institutions collecting and processing their customers’ data under the GDPR?

• What is “Strong Customer Authentication” as it’s laid out in PSD II, and what infrastructure will institutions need to have in place to ensure compliance to this new standard? 

• How can Institutions strike a balance between doing their due diligence to Know their Customers and protecting those Customer’s privacy rights?

• As the financial system adopts “Open Banking” as a vision for the future, how might the digitization of financial services create new risks for data security?