20 September 2017
Stacey Small


Stacey Small - The Glue.com

Innovation in Financial Services


A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

2018 - The Year of PSD2, GDPR and Innovation

20 August 2017  |  8506 views  |  2 comments

2018 is set to be a very interesting year - particularly if your role has anything to do with payments or data. The go-live date for PSD2 is Saturday 13th January, with GDPR a short five months later, on Friday 25th May. Both of these high-profile initiatives are being driven by the European Commission, and the combined implications of what needs to be done to comply with these directives are pretty hefty. The impacts felt by both the industry and the consumer are set to be far-reaching.

The PSD2 directive is focussed on increasing competition between payment providers. This means that banks will have to open up their APIs so that third-party providers (TPPs) can directly access their clients' account data. For consumers who hold more than one bank account, the changes would also enable new businesses to display all their account information in one place. PSD2 will also enforce stricter controls around identity checking when making online payments and for higher value transactions.

The purpose of the GDPR directive is to strengthen and unify data protection for all individuals. This means that the individual will be back in control of their personal data. It will also provide a number of rights including access to their data and the ability to withdraw it on demand. It also means that organisations will no longer be able to simply gather data without valid cause, and must prove that they are doing all they can to protect the data they do hold.

Whilst at first glance it may seem that these two directives have different end games, the crossover should be considered.

Well - I've said it before and I'll say it again - 'Customer is King'.

While PSD2 and GDPR appear to be unconnected, they do in fact share two common aims - putting customers back in control of their own data and keeping that data safe. GDPR and PSD2 are built on the principles that individuals own their personal data and should therefore be able to choose how it is used, and with whom it is shared.

So, if PSD2 is forcing the idea that third-party providers can access client-owned data directly, GDPR is ensuring that data remains the sole property of the individual. Provided appropriate controls and consent are in place, PSD2 and GDPR are in fact going to meet rather often.

I can't help but feel at the moment that PSD2 and GDPR are still being approached in a siloed manner, probably being driven by different departments. The EC are clearly on the road towards an open banking environment and the close proximity of these two directives surely highlights this.

Banks need to change, vision needs to be realigned and attitudes need to be opened up.

2018 is a year for change and should be tackled by implanting a solid foundation to build and innovate upon. 

 

Tags: Payments, Innovation

Comments: (2)

Carlos Figueredo - Open Vector Limited - London | 21 August, 2017, 14:37

In reading your post the one thing that stands out to me is the point on PSD2 and GDPR being viewed as silos. This is something that we have been trying to explain: that they need to be viewed in conjunction with and not exclusive of each other. There is also, in my point of view, vagueness at best around how they both deal with each other in any formal aspect, so there is an absolute opportunity for the relevant EU body/ies to provide a few more guidelines. Open to discuss via this means or privately.

Jonathan Williams - Mk2 Consulting Ltd - Rugby | 06 September, 2017, 10:15

One key area of overlap is PSD2 Article 97-1 (c), which covers the need for Strong Customer Authentication in the case of a remote action by a payment service user with a risk of payment fraud or other abuse.

This says that in those cases where a PSU is remotely requesting an action from their PSP which might result in abuse, they have to strongly authenticate it's really their customer, as I guess we'd expect.

I think this was designed for things like change of address or re-issue of bank cards but it also applies to data subject access requests under GDPR. I'd view this as applying to all remote channels including post and telephone.

So if you do make a request for all your data, rest assured, your bank will know it's you.
