GDPR is here – now what?

This past Friday, May 25th, online service providers inundated us with emails announcing their updated privacy policy, all tied to the European Union’s General Data Protection Regulation (GDPR) taking effect.

There are growing concerns over whether GDPR will stifle the way organizations do business, and if enterprises have fully complied within a timeframe that — despite the lead time — seemed to have gotten away from many of us. 

Despite the many breaches affecting enterprises, many C-level executives — just like consumers — are forced to admit that they are unsure where their data is, as well as how and by whom it’s being used. Government’s best shot at answering that question, mainly with consumers in mind, isn’t exactly light treatment. However, we should look at GDPR and its payments cohort, the revised Payment Services Directive (PSD2), as opportunities rather than obstacles to adopting sound data protection practices whether it is for user authentication or transaction authorization.

GDPR: The biggest shake-up to data privacy

One of GDPR’s main provisions is a mandate that special categories of user data derived from personal characteristics – e.g. biometrics deployed for social, convenience or security features – are prohibited from being processed and stored by EU firms and those operating in the EU without expressed consent from the end user. This is a considerable leap from the implied consent given by users, often on social media platforms and mobile banking or payments apps. It’s also a startling wakeup call for enterprises that might be lax or even unaware of the data they collect. With the ultimatum to comply or pay a steep fine, the more innovative financial and other enterprises will do away with seeking consent to retain user data. They’ll abandon the practice of holding touchy data of this kind entirely, and instead seek authentication and payment solutions that ensure that they don’t hold this data in the first place.  

Leave a Reply

Your email address will not be published. Required fields are marked *