The year 2018 is set to be a seminal year for EU data security and finances, all thanks to two acronyms: GDPR and PSD2.
The EU will protect the personal data and behavioral information of all its citizens by subjecting all organizations and businesses that collect it to the General Data Protection Regulation. In short, GDPR ensures that user data will not be collected or shared with outside parties without the user's knowledge and valid consent. The keywords here are transparency, accuracy, fairness, minimization, purpose limitation and security.
GDPR protects biometric and genetic data, as well as information on health, race, ethnicity, and even sexual orientation or political views, while giving a person the right to have any such data erased from a business’s database or kept from being transferred to another database. GDPR also affects user consent: no more illegible terms and legalese – consent must be provided via an intelligible and easily accessible form.
User information must come directly from the source, which means far less “data gossip”, i.e. businesses purchasing user information from websites. Any security breaches must be reported to both EU authorities and customers within 72 hours. Non-compliance carries a steep penalty: up to €20 million or 4 percent of global annual turnover, whichever is higher.
Coming hand in hand with GDPR is PSD2, the revised Payment Services Directive. It reinforces customer protection and the security of online payments and account access within the EU and EEA, and is another step towards an open market and a unified European financial market.
What does it mean exactly? Well, businesses can now acquire permission from users to retrieve their account data from the bank, and online payments will involve stronger identity checks. Surcharges for card payments will be banned, and payments made outside the EU, or in non-EU currencies, will have improved consumer protection. Payments via social media or Google accounts and P2P transfers will become available. You will be able to access all your bank accounts through a single portal instead of visiting each bank’s website separately.
PSD2 will allow third-party payment service providers to thrive: banks will be obligated to provide them with access to their customers’ accounts through open APIs (Application Programming Interfaces). They will also be able to operate in the entire EU.
PSD2 will also motivate banks to focus on customers and innovate: make their services faster, less formal, easy to access, cheap and more personalized.