A dedicated mobile app to capture Strong Customer Authentication for PSD2

REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

'personal data' means any information relating to an identified or identifiable natural person ('data subject').
The 'processing' of personal data (e.g. collection, storage, use) shall be lawful only if, for example, the data subject has provided their consent.
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.
The data subject has the right to withdraw his or her consent at any time.
Where personal data is processed by automated means, the controller shall also provide means for requests to be made electronically (by the data subject, free of charge).
Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.
Requests include: a) information on the personal data being processed; b) rectification and erasure; c) porting data (in a structured electronic format) to the data subject or electronically to a third-party organisation; d) objections.
Security of Personal Data
The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.
Administrative Fines
€10,000,000 or up to 2% of the total worldwide annual turnover if, for example, appropriate technical and organisational measures are not implemented; processing is undertaken outside the instruction of the controller; there is a failure to notify data subjects and the supervisory authority of a data breach.
€20,000,000 or up to 4% of the total worldwide annual turnover if, for example, personal data is unlawfully processed or collected; there is a failure to demonstrate consent; there is a failure to adhere to requests.