What do the European Banking Authority (EBA) guidelines say about GDPR and Information Security?

Payment Institutions (<a href="/glossarycollection/payment-institution" style="color:#48277C;" target="_blank" title="Payment Institution"><u>PI</u></a>) must ensure that personal data is adequately protected and kept confidential. PIs fall within the scope of application of Regulation (EU) 2016/679 (<a href="/glossarycollection/general-data-protection-regulation" style="color:#48277C;" target="_blank" title="General Data Protection Regulation"><u>GDPR</u></a>) and must comply with it.

When outsourcing IT or data services, it is imperative that business continuity and data protection are appropriately considered. Such considerations are not limited to the outsourcing of IT but apply to outsourcing in general. Institutions and payment institutions must ensure that they meet internationally accepted information security standards, and this also applies to outsourced IT infrastructures and services.