
One API for General Data Protection Regulation (GDPR) Data portability and PSD2 XS2A?

Authored by: Tadas Dobravolskis LL.M and Can Yilmaz LL.M

As financial services organizations look for not just efficiencies but economies of scale in dealing with overlapping global regulations, one opportunity to address similar technical requirements with a single approach lies in the General Data Protection Regulation (GDPR) requirement for data portability and the Payment Services Directive (PSD2), which requires that third parties be given access to accounts (frequently referred to as XS2A). Financial services organizations that are subject to both have been encouraged to employ Application Programming Interface (API) technology to comply. In this article, we investigate whether a single API solution can enable compliance with both requirements.

GDPR: a new personal data regime in Europe
As of 25 May 2018, the new European rules on data privacy, formally known as the General Data Protection Regulation (GDPR), will apply across the European Union. The regulation is the successor of the 1995 Data Protection Directive and the result of a comprehensive reform of data protection rules by the EU which started in 2012.

The aim of GDPR is to harmonize European data protection laws, strengthen individuals’ rights, increase compliance obligations, and expand enforcement powers of regulators. The result of this reform program is a new single European regulation, adopted on 27 April 2016, that, at least on paper, will do away with the existing fragmentation of data privacy laws. The regulation should also tackle costly administrative burdens in individual member states, resulting in estimated savings for businesses of around €2.3 billion a year.

