The European Data Protection Board (EDPB) has produced guidelines on the relationship between the PSD2 Directive and the General Data Protection Regulation (GDPR). The public consultation on these guidelines runs until 16 September 2020.
The new European Directive for payment services in the Netherlands, Payment Service Directive 2 (PSD2), came into force in 2019.
This Directive provides, inter alia, that not only banks but also other parties may have access to a payment account. This is allowed under certain conditions, such as the account holder's consent.
The protection of consumers' privacy is an important part of PSD2, because payment data are sensitive financial personal data.
Guidelines PSD2 & GDPR
These guidelines provide payment service providers with more clarity on how they can process personal data. The guidelines focus, among other things, on consent, data minimisation, security and transparency.
Do you have any comments or suggestions about the Guidelines on the interplay of the Second Payment Services Directive and the GDPR? Then you can pass these on to the EDPB until 16 September 2020.
The guidelines are currently only available in English. Privacy First has translated the concept guidelines and makes them available in Dutch.
source: Dutch supervisory authority