
One API for General Data Protection Regulation (GDPR) Data portability and PSD2 XS2A?

Authored by: Tadas Dobravolskis LL.M and Can Yilmaz LL.M

Financial services organizations facing overlapping global regulations want not just efficiencies but economies of scale. One opportunity to address similar technical requirements with a single approach lies in the General Data Protection Regulation (GDPR) requirement for data portability and the Payment Services Directive (PSD2), which requires that third parties be granted access to accounts (frequently referred to as XS2A). Financial services organizations that are subject to both have been encouraged to employ Application Programming Interface (API) technology to comply. In this article, we investigate whether a single API solution can enable compliance with both requirements.

GDPR: a new personal data regime in Europe
As of 25 May 2018, the new European rules on data privacy, formally known as the General Data Protection Regulation (GDPR), will apply across the European Union. The regulation is the successor to the 1995 Data Protection Directive and the result of a comprehensive reform of data protection rules by the EU, which started in 2012.

The aim of GDPR is to harmonize European data protection laws, strengthen individuals’ rights, increase compliance obligations, and expand the enforcement powers of regulators. The result of this reform program is a new single European regulation, adopted on 27 April 2016, that, at least on paper, will do away with the existing fragmentation of data privacy laws. The regulation should also tackle costly administrative burdens in individual member states, resulting in estimated savings for businesses of around €2.3 billion a year.

