How is the General Data Protection Regulation (GDPR) relevant?
The GDPR is an EU privacy and security law which imposes stringent obligations onto any organisation which targets or collects data on citizens living in the EU. The regulation came into effect on 25 May 2018.<br/><br/>
The relevance here is that when third parties are accessing customer account data, both the account services provider and the third party have a duty-of-care to ensure that the customer's personal data is protected at all stages e.g. an <a href="/glossarycollection/modified-customer-interface" style="color:#48277C;" target="_blank" title="Modified Customer Interface"><u>MCI</u></a> must ensure that the personal data available in the account is redacted in any screen scraping data transmitted back to the TPP.