Trusted Transactions | Entersekt Blog

GDPR? PSD2? Four-letter headaches in need of specialist attention

Posted by Niel Bester, SVP Products, Entersekt

Feb 9, 2017 10:00:00 AM

Time is running out for companies to comply with the European Union’s Revised Payment Services Directive (PSD2), which takes effect in January 2018, and the General Data Protection Regulation (GDPR), which kicks in in May 2018. The trouble is that these two sets of rules are not only strict on their own but in some respects even seem to work against each other. How should financial institutions approach this conundrum?
In essence, PSD2 will require European banks, traditionally the custodians of customers’ personal information, to give third-party providers (such as retailers and fintech companies) access to account information. PSD2 does not itself specify penalties for non-compliance; instead, it states that each EU member state must lay down its own appropriate penalties.
The GDPR mandates tighter control over the privacy of consumer information and will apply to every organization that handles the personal data of any EU resident, so it is not only European companies that will be affected. Multinationals will also need to comply in order to keep their European operations, and to avoid a fine of up to €20 million ($23 million). It is no wonder that a recent PwC survey found GDPR readiness to be the top security priority for more than half of the US companies with a European presence.

What does compliance entail? The GDPR’s primary message is that the power to decide whether or not to share personal data with a company must remain with the customer. Companies must also be thorough and completely transparent in keeping customers informed about how their personal data is used.
Satisfying both regulations can be tricky: you will need the ability to share information and the ability to prove that the consumer consented to that sharing. Entersekt’s PKI-based solution, Transakt, captures cryptographically signed consent from the customer when a third party requests access to sensitive information.

With our technology, giving consent is as easy as accepting or rejecting a push-based request on your mobile phone. The customer feels in control, without being subjected to cumbersome and time-consuming authentication processes, while the heavy lifting is done in the background. Capturing non-repudiable proof of consent through a convenient, smartphone-based solution significantly simplifies compliance with both PSD2 and GDPR.

With so many different, and potentially even conflicting, requirements to meet, the best choice a company can make is to partner with an experienced and knowledgeable IT provider who can help it steer through the treacherous waters of regulation.

Topics: Regulatory guidance, Privacy
