On December 13, 2018, the UK government published a guidance notice clarifying what will be expected from UK organisations in the context of amendments to be brought about in the data protection...
The General Data Protection Regulation (Regulation 2016/679), also known as the GDPR, significantly increases the responsibilities and obligations for payments businesses in how they collect and...
On December 6, 2018, Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, was published in the official gazette. The law, which was approved by the...
Financial institutions in Poland are caught between European data protection laws and national on-boarding requirements, forcing some into onerous work-arounds to avoid the risk.
Uncertainty is mounting over Prime Minister Theresa May’s ability to secure parliamentary support for her Brexit plan, but the UK’s top financial regulator has warned that a rumoured “Plan B”...
The UK’s data protection regulator has reassured financial institutions that it will work with them to navigate potential clashes between separate EU legislation on payment services and data privacy.
On November 1, 2018, the Information Commissioner’s Office (ICO) released guidelines in relation to the technical and organisational measures that organisations must implement to be compliant with...
On October 30, 2018, the Information Commissioner’s Office (ICO) released an enforcement notice addressed to AggregateIQ Data Services Ltd (AIQ), in its capacity as a data controller under both the...
European regulators still have work to do to help businesses navigate conflicting requirements between this year’s payments overhaul and shifts in anti-money laundering and data protection reforms,...
Irish data protection authorities have seen a “significant” increase in both complaints and breach notifications since EU-wide reforms took effect in May, PaymentsCompliance can reveal.
The UK’s financial regulator has handed down a £16.4m fine to Tesco Bank for its failings in relation to a cyberattack in 2016, bringing to the fore questions of regulatory jurisdiction in a post...
On September 26, 2018, the Information Commissioner’s Office (ICO) announced that it had formally commenced enforcement proceedings against 34 organisations, including various financial...
On September 24, 2018, France’s data protection authority, the National Commission on Informatics and Liberty (Commission Nationale de l’Informatique et des Libertés - CNIL), published a study...
British Airways has confirmed that cardholders’ CVV numbers were accessed during a recent high-profile data breach, but said the highly sensitive information was not being stored internally.
Lawmakers in the Netherlands have touted the idea of a consent dashboard to be implemented by banks to help consumers manage access permissions given to third-party providers.
This practical guide provides an overview of the notion of “consent” under the General Data Protection Regulation (GDPR), based on the explanations given by the former Article 29 Working Party.

Pages