The Dutch Data Protection Authority is starting an investigation into Dutch companies that hold a PSD2-license and process payment account information

The Dutch Data Protection Authority ("AP") will investigate whether these companies are aware of the privacy risks inherent to the processing of account information, and whether they adhere to privacy regulations. The investigation will be aimed at Dutch PSD2-license holders that process payment account information: the so-called “account information service providers”. The purpose of the investigation is not to impose sanctions; however, if the AP finds any violations, enforcement actions may follow. One of the tasks of De Nederlandsche Bank (“DNB”) is to provide licenses to payment service providers, such as banks and new fintech companies. The AP supervises the protection of personal data. DNB and the AP work together in supervising compliance with PSD2 regulations.

Do you hold a PSD2-license? Then you are expected to treat personal data of third parties with care. It is important to ensure compliance with the General Data Protection Regulation (GDPR). 

For further information, see the AP's full announcement of the investigation (only in Dutch): AP onderzoekt aanbieders van nieuwe online rekeningdiensten.