Does the PSD2 SCA mandate in payment processing prevent fraud under GDPR Recital 47?

Report, published: April 2020

Navigating PSD2 and GDPR Compliance can leave teams feeling pulled in many different directions at once. 

Almost 2 years after the initial passing of the Payment Services Directive 2 (PSD 2) and the General Data Protection Regulation in 2018, questions persist about how these two laws interact in the overarching regulatory framework. 

It can be difficult for Compliance teams to balance these new legal obligations, especially as the laws that created them appear to have conflicting aims. The PSD 2 seeks to drive the transition to a more secure digital, “Open Banking” style ecosystem, while the GDPR significantly restricts efforts to collect and process data about customers online. 

Phrasing in the legislation can provide clarity, but can still be difficult to understand.

While it can be hard to understand when different conditions apply, regulators use very specific phrasing that can provide guidance when conflicting interests are in play. 

Unfortunately, for most people, parsing through legal and regulatory verbiage and deciphering exactly what it all means is no simple task. As the pace of digital business ramps up, companies can ill afford to waste time being uncertain.

Some insights from GDC’s Compliance Advisory Board...

In this Whitepaper, the CAB goes point by point through relevant sections of PSD 2 and GDPR, explains each of the terms, and provides examples to illustrate when and how to apply them.

Key questions: 
  • What constitutes a “legitimate interest” for institutions collecting and processing their customers’ data under the GDPR?

  • What is “Strong Customer Authentication” as it’s laid out in PSD II, and what infrastructure will institutions need to have in place to ensure compliance with this new standard?

  • How can Institutions strike a balance between doing their due diligence to Know their Customers and protecting those Customers’ privacy rights?

  • As the financial system adopts “Open Banking” as a vision for the future, how might the digitization of financial services create new risks for data security?


Research Type: Overview
Published: 10 Apr 2020
Geographic Scope: Europe
Editions: Online & Mobile Banking