Discussing reporting obligations with our payments clients recently has revealed a lack of awareness of REP018, a report driven by the requirements of the second payment services directive (PSD2). PSD2 included Article 95(2), which requires payment services providers (PSPs) to report to the competent authority with an operational and security risk assessment. So, what is REP018 and why has it caught so many by surprise?
At what point does empowering individuals to be ‘masters of their own personal data destiny’ encroach on a payment service provider's legal responsibility to prevent fraud, safeguard its venture and limit criminal activity?
GDPR Fines! GDPR Fines! GDPR Fines! The war cry of solicitors and tech consultants across Europe for the past year has become so loud that it’s almost impossible to distinguish it from all the other noise on social media and in the news.
Much of our time is, and seems always to have been, spent trying to interpret exactly what the regulations or, more importantly, the Regulator is expecting. A leading question asked by many compliance officers is, 'what do they expect of my company?'. This is often where the compliance consultant comes in.
If you are a CEO, board member or otherwise involved in delivering a business strategy or IT, you probably feel like you are walking around with a GDPR (General Data Protection Regulation) gremlin hanging on your back. It’s whispering the words ‘consent’, ‘processing’, ‘big fines’ and, let’s not forget, ‘privacy statement’ into your ears day in, day out, and as May 2018 approaches that soft whisper may start to feel like it’s becoming louder and more aggressive. The gremlin is feeding on continuous marketing emails, blogs (but hopefully not mine!) and newsletters arriving in your inbox with the nightmare scenarios for your company if you don’t get a move on and turn your business into a GDPR paradise. Employing their services to do so, of course.