

General Data Protection Regulation: The European Union's Cross-Industry Approach to Data Protection

  • ID: 4551394
  • Report
  • Region: Europe
  • 19 Pages
  • Mercator Advisory Group
Countdown to GDPR: Data Protection Regulations will Affect U.S. Payment Card Issuers in Less than 40 days

Comprehensive European Union privacy rules take effect for all industries in late May 2018. The change affects all verticals including bank cards. U.S. industries must examine their customer bases to ensure they are not at risk.

The report, General Data Protection Regulation: The European Union’s Cross-Industry Approach to Data Protection, summarizes the specifics of the EU’s new privacy rules and risks to U.S. businesses that do not prepare for the latest EU mandates.

"Unlike the revised Payment Services Directive (PSD2), which has only a partial influence on U.S. card markets, the General Data Protection Regulation can cause non-European markets regulatory fines," comments Brian Riley, Director, Credit Advisory Services and author of the research report. "Keep in mind that compliance with PCI does not mean your organization satisfies GDPR’s privacy and data breach requirements. If there is even one EU citizen in your credit file, you need to ensure compliance."

Highlights of the research report include:

  • Comparison of U.S. and EU noncash payments
  • Projected EU noncash payments in the EU market, 2013-2022
  • Noncash usage in EU and population by country
  • Six objectives of the General Data Protection Regulation
  • Penalties for noncompliance
Note: Product cover images may vary from those shown

1 Executive Summary

2 European Payment Cards: A $500 Billion Market

  • Payments in the European Union: Almost Half of Noncash Payments on Cards
  • The European Market: Population and Card Usage
  • The Payment Services Directive: A Refresher
  • General Data Protection Regulation
  • Establishing Data Protection Rights
  • Personal Data: The Crux of GDPR

3 General Data Protection Regulation Takes a Stand to Enable Personal Control

  • Important Definitions
  • Establishing Consumer Data Rights
  • Privacy Principles
  • Costs of Noncompliance
  • The Data Protection Officer

4 Implications of GDPR for Your Organization

  • All Card Issuers
  • European Card Issuers
  • Top Issuers in the U.S. and Elsewhere Outside Europe
  • Middle-Market Issuers and Credit Unions
  • Card Processors and Acquirers
  • Vendors

5 Conclusions

6 References

  • Endnotes

List of Figures
Figure 1: Almost half of European noncash payments occur on payment cards (this is less than in the United States)
Figure 2: Payment cards will continue to dominate noncash payments in the European Union, 2013-2022P
Figure 3: Population density and payment card usage vary by country in the European Union
Figure 4: Payment Services Directive 2 opens up banking to third parties, tightens security, and increases protections
Figure 5: The General Data Protection Regulation has six objectives
Figure 6: GDPR mandates large fines for noncompliance
Figure 7: The Data Protection Officer is the point person for compliance

List of Tables
Table 1: Nine key GDPR terms express the importance of data and control
Table 2: The articles of the General Data Protection Regulation establish consumer rights
Table 3: Article 5 of the General Data Protection Regulation defines six privacy principles
