PayExpo Europe 2018

8-9 October 2019
Business Design Centre, London

With less than a year to go are you ready for GDPR

Countdown to GDPR: Less Than One Year To Go!

The General Data Protection Regulation which aims to protect the personal data of EU citizens will be enforced from 25th May 2018. It’s an extension of the Data Protection Act (DPA) with greater rights for individuals and requires companies – even non-EU organisations - that do business in the EU with EU data subjects' personal data to put in place clear policies and procedures to protect that data.

Retailers and merchants across all sectors will be some of the most severely affected. For those organisations who have complied with the DPA, the transition to a GDPR world should be straightforward but, as always, the devil is in the detail. Businesses should waste no time in assessing what they need to do and putting a detailed plan in place.

Brexit and GDPR

If you’re hoping that Brexit will help you avoid the challenges of GDPR, think again! UK organisations handling personal data will still need to comply with the GDPR as it will come into force before the UK leaves the European Union, and the government and Information Commissioner have confirmed that the Regulation will still apply.

The Vendorcom View

We’re finding that there is a great deal of ignorance about GDPR and an equal level of misinformation. As you might expect, fear mongers are jumping on the bandwagon, drawing attention to the increasing level of penalty that can be applied. Under the DPA, the maximum fine that the ICO could levy is £500,000, though they’ve never issued a penalty higher than £400,000. The new limit is €20 million or 4% or annual global turnoverwhichever is greater, so it’s understandable that the fear factor looms large! There are plenty of generic, one size fits all, conferences, websites and flyers but I urge caution as there’s a real lack of factual, independent information that gets down into the detail of what organisations are going to have to wrestle with over the next year so I suggest that a wide range of viewpoints are sought before committing to your GDPR programme.

It’s clear that this presents a serious burden for companies and, for those who remember, I believe it ranks in the same category as a Y2K programme, both in overall magnitude and the impact on business continuity and risk; bigger in terms of the extent to which it will affect people and processes, as well as technology. 
I’m seeing some organisations in the payments world trying to persuade their merchant customers that they can help solve all their GDPR challenges. Again, I recommend caution! Whilst the lessons from PCI and payment data security policies and processes that have been put in place over past 10 years will provide a great springboard for a GDPR programme, the payment data security aspects of GDPR will generally only be a small dimension of the overall scope.
This is going to need a coordinated approach; there are so many disparate but interconnected repositories of PII that we risk triggering unintended consequences if the data matrix in your business is not correctly mapped.
Vendorcom first started looking at this subject as far back as 2013. On 25th May, with 365 days til the Regulation is enforced, we ran a briefing for merchants and their personal/payment data centric systems providers to meet the need for independent, merchant-relevant, authoritative information. If you want to see the presentations, get connected to the speakers stay informed of future Vendorcom GDPR briefings, just get in touch with me.  I’m confident that across our quarterly Future of Payments Conferences, Legislation & Regulation, Payment Security & Risk Management and Identity & Authentication Special Interest Groups, as well as specific GDPR Briefings, this challenging legislation will be centre stage for the next couple of years.
  • Whenever PayExpo Europe comes up, it goes straight into the diary – no question
    Dean Fiveash
    Vice President, Barclays
  • PayExpo Europe gives you a better understanding of the payments industry.
    Brian Donnelly
    Managing Director, Accenture
  • As a vendor, the event is one of the key places to be seen
    Phil Campbell
    Founder, Kerv Wearables
  • The show is a key date in the industry calendar
    Chris Jacklin
    Managing Direcotr, Nvayo Limited
  • I loved it. I am new to the job and it has given me great insight. A great experience, I am keen to come again.
    Robert Ratcliffe
    Payments Project Manager, Argos
  • PayExpo Europe provides great opportunities to meet new customers and do business.
    Lee Russell
    Senior Director – Prepaid, Mastercard
  • The show’s education sessions are truly mind expanding. It teaches you things you won’t find elsewhere.
    Kevin Chang
    Investment Analyst, Santander
  • This is my first time at PayExpo Europe and I would certainly recommend attending. It has given me a better understanding of the payments and FinTech industry.
    Anthony Clegg
    Commercial Cards Account Director, Royal Bank of Scotland


Show the sponsors

Platinum sponsor


See all Sponsors


See all sponsors

Featured speakers



See all Partners