Data protection is a very hot topic right now. The European General Data Protection Regulation (GDPR) came into force last year. Numerous data leaks at major companies such as Facebook have also raised awareness of this topic among end customers. PSD2 and the “Strong Customer Authentication” (SCA) it contains now represent a whole new challenge in this area as of 14 September, but you can be well prepared with heidelpay solutions!
SCA focusses on a very specific factor of European data protection: third countries. These are states which are outside EU territory. In general, the territorial principle also applies here, and the data protection laws of the relevant country must therefore be observed.
However, EU regulations call for one crucial restriction: A distinction must be made between secure and unsecure third countries. Data may only be transferred to third countries if the relevant country is a secure third country. Whether a third country can be classified as secure or unsecure is again defined precisely by the EU. Secure third countries are those countries with a level of data protection that is comparable with that of the EU and that is therefore considered to be adequate.
How does SCA affect your everyday life as a retailer or wholesaler going forward? SCA means that more information is queried during payment transactions. This information may also reach third countries depending on the relevant service provider. As a retailer or wholesaler you then have a duty to notify your customers about what happens with their data. If the data ends up in a third country classified as unsecure, you can no longer guarantee the security of your customer data. Does this all sound complicated? It doesn't have to be!
This is because we took a closer look at the whole situation a while ago and thought to ourselves: why make things so complicated when there is a very simple solution? The EU defines which third country is secure or unsecure in terms of data protection. Then heidelpay will simply keep your data in the EU! This way we offer you solutions that enable international scaling, but also offer a “Safe Harbour” in the EU, and not only with respect to SCA. We also create the ideal conditions for innovations such as fraud prevention and tokenisation, i.e. wherever personal data is important.
One of the most important third countries is, of course, the United States. The European Commission and US government have therefore agreed on new data protection rules in the past. These prevent the EU authorities from having to put a stop to data being exchanged between European and American companies as a result of different protection rules applying on the two continents.
The previous “Safe Harbour” decision regulated the exchange of data between US and EU companies. This required the same level of protection for personal privacy and data protection to prevail on both continents.
For you as a heidelpay retailer/wholesaler/customer, it means that your data remains within the EU and you can rest assured that your data is and will remain protected according to the EU standard. It allows you to assure your customers that there are no gaps in the documentation regarding the treatment of their data.