2018’s legislative trifecta
PSD2, GDPR, and e-Privacy regulations will have a significant impact on how personal data is stored by businesses
The world’s most valuable resource is no longer oil, but data.
In today’s digitally transformed and connected world, data are produced in vast streams daily, at a mind-boggling volume and pace. A global ‘rush’ is now on to tap data flows and extract value.
Not surprisingly, a heightened focus on data security and customer privacy has followed.
In industries such as gaming, where new ways to pay continue to evolve in response to the expanding digital market and online revenues of $1trillion are expected by 2021, operators and their business partners must place data protection and customer privacy at the very core of what they do.
Ahead of ICE next week, Paysafe has released 2018’s legislative trifecta: Changing the face of e-commerce, a whitepaper that explores the trifecta of legislation that will fundamentally change the face of digital commerce and payments in 2018.
2018’s legislative trifecta
I. The PSD2 legislation came into force in January 2018 with the intention to break down the monopoly that banks hold over user data and improve on PSD1 which came into effect in 2007.
II. The GDPR comes into effect on May 25, 2018 and extends the scope of EU data protection law to all foreign companies processing data that belongs to or relates to EU residents. The cost of non-compliance with this new regime has severe penalties of up to €20 EUR million or 4% of global annual turnover – whichever is greater.
III. The e-Privacy Regulations is separate legislation which is currently in draft and anticipated to come into effect by the end of the year. It will replace existing European Member State Regulations on the way companies collect and store data about customers and their electronic devices (such as computers, mobile phones, tablets, etc.) on-line and through their interactions with websites and mobile apps.
7 Principles: The processing of personal data
Under GDPR, an organisation’s responsibilities when processing personal data after May 25 will be defined by 7 principles, including:
1. Lawfulness, fairness & transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity & confidentiality
7. Accountability
Rights for the individual
Further demonstrating the increased responsibilities facing organisations, these are the 8 rights that the GDPR provides for individuals.
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erase
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling