06 Sep WHAT WE LEARNED ONE YEAR AFTER GDPR

The General Data Protection Regulation has been one of the hottest topic of 2018 and of the beginning of 2019.

One year after the go live of GDPR (May 2018), the interpretation of the law is still unsure for many players, and the actions taken by online businesses to be compliant with the regulation are often not correct. For these reasons, the adoption of consent management solution that are able of supporting companies with the compliance is still essential.

What did we learn about GDPR in one year?

GDPR requires that all the subjects invest in legal fees and revisions of their processes and infrastructure to ensure they are compliant with GDPR and the way they are processing, storing and using the personal data is made according to the law.

This process has not been always easy and smooth, because there are still some shades around the correct interpretation of the law, and the lack of a clear standardised method of gaining GDPR consent by the users has often resulted in a bad online user experience for consumers, with forms, banners, and boxes to thick customised in various ways.

In some cases the online platforms have chosen an assumed-consent strategy, which is risky and puts the companies at the risk of fines by the regulators.

GDPR, consent management and online payments

As a business selling online, you are responsible both for your own platform and for how the third parties you are working with are processing the data you are providing them in order to complete the payment made by your clients.

MyBank allows users to pay directly online through their Internet or mobile banking, accessing with the usual credentials, without the need of further registrations and without storing any sensitive information during the payment process.

This means that MyBank is already a consent management solution, relying on the Strong Customer Authentication provided by the online banking systems offered by banks – through which the end user authorises the release of the data to any third party.

As a consequence, offering MyBank as a payment method provides your customers with a 360 degree tool to express and manage their consent to data processing, allowing you to reduce as much as possible the risks related to the processing of sensitive data and at the same time to be already compliant without having to take further investments in digital payments infrastructures or to sign complicated agreements.

Conclusions

GDPR requires to collect explicit consent by the users, and to implement consent management solutions to comply with the law. One year after GDPR, this process has not always been very smooth for online vendors and the choice of the right consent management solution can be tricky.

MyBank is the optimal solution to consent management and GDPR compliance, providing a way to collect explicit consent from end users and businesses, without the need of storing personal data related to the transaction, and leveraging the pre-existing secure infrastructures of the online banking of their clients, without any further significant investments.