White paper: GDPR and data protection in the payments environment


Written by Editorial Team

Published July 2018


Anyone responsible for payments compliance in both the private and public sectors will know they have obligations under the new General Data Protection Regulation (GDPR), as well as their responsibilities under the Payment Services Directive 2 (PSD2).

So how do the two regulations compare? And, providing you’re already acting in line with the Payment Card Industry Security Standards Council (PCI SSC) and Payment Card Industry Data Security Standard (PCI DSS), how should your approach differ to ensure GDPR compliance?

Our white paper draws parallels between what the new regulations seek to achieve and the steps already taken by the payment card schemes with PCI SSC and PCI DSS.

We consider the differences between the UK’s drive to reduce costs of customer acquisition and those of other EU member states. We also consider the impact on business, looking at evidence of UK consumer attitudes to data security and how organisations can turn GDPR compliance for payments into a competitive advantage.

So, for a fresh perspective on GDPR and data protection in the payments environment, take a look at our white paper.

A 2018 PCI Awards for Excellence winner, Pay360 offers a range of payment solutions and consultancy services to support you with regulatory and statutory compliance – contact us on (0)333 313 7160 or email pay360digitalsales@capita.co.uk to find out more.



At Pay360, we know that making it easy and safe for customers to pay is critical to your success. That’s why we provide a flexible suite of modular payment solutions for a variety of sectors including retail, hospitality, gaming, financial services, local government, health and education, so you can offer customers a wide choice of secure payment methods.

We take on PCI DSS and GDPR compliance responsibility with agent-attended and unattended solutions for the telephony environment. We also pioneer digital channel shift to web-based payments, whereby callers are seamlessly guided to complete their transaction online. As the customer’s card details are handled by Pay360’s own PCI-approved and certified secure data centre, you significantly reduce risk by removing your staff and network from PCI scope.