PayExpo Europe 2018

8-9 October 2019
Business Design Centre, London

With less than a year to go are you ready for GDPR

Countdown to GDPR: Less Than One Year To Go!

The General Data Protection Regulation which aims to protect the personal data of EU citizens will be enforced from 25th May 2018. It’s an extension of the Data Protection Act (DPA) with greater rights for individuals and requires companies – even non-EU organisations - that do business in the EU with EU data subjects' personal data to put in place clear policies and procedures to protect that data.

Retailers and merchants across all sectors will be some of the most severely affected. For those organisations who have complied with the DPA, the transition to a GDPR world should be straightforward but, as always, the devil is in the detail. Businesses should waste no time in assessing what they need to do and putting a detailed plan in place.

Brexit and GDPR

If you’re hoping that Brexit will help you avoid the challenges of GDPR, think again! UK organisations handling personal data will still need to comply with the GDPR as it will come into force before the UK leaves the European Union, and the government and Information Commissioner have confirmed that the Regulation will still apply.

The Vendorcom View

We’re finding that there is a great deal of ignorance about GDPR and an equal level of misinformation. As you might expect, fear mongers are jumping on the bandwagon, drawing attention to the increasing level of penalty that can be applied. Under the DPA, the maximum fine that the ICO could levy is £500,000, though they’ve never issued a penalty higher than £400,000. The new limit is €20 million or 4% or annual global turnoverwhichever is greater, so it’s understandable that the fear factor looms large! There are plenty of generic, one size fits all, conferences, websites and flyers but I urge caution as there’s a real lack of factual, independent information that gets down into the detail of what organisations are going to have to wrestle with over the next year so I suggest that a wide range of viewpoints are sought before committing to your GDPR programme.

It’s clear that this presents a serious burden for companies and, for those who remember, I believe it ranks in the same category as a Y2K programme, both in overall magnitude and the impact on business continuity and risk; bigger in terms of the extent to which it will affect people and processes, as well as technology. 
I’m seeing some organisations in the payments world trying to persuade their merchant customers that they can help solve all their GDPR challenges. Again, I recommend caution! Whilst the lessons from PCI and payment data security policies and processes that have been put in place over past 10 years will provide a great springboard for a GDPR programme, the payment data security aspects of GDPR will generally only be a small dimension of the overall scope.
This is going to need a coordinated approach; there are so many disparate but interconnected repositories of PII that we risk triggering unintended consequences if the data matrix in your business is not correctly mapped.
Vendorcom first started looking at this subject as far back as 2013. On 25th May, with 365 days til the Regulation is enforced, we ran a briefing for merchants and their personal/payment data centric systems providers to meet the need for independent, merchant-relevant, authoritative information. If you want to see the presentations, get connected to the speakers stay informed of future Vendorcom GDPR briefings, just get in touch with me.  I’m confident that across our quarterly Future of Payments Conferences, Legislation & Regulation, Payment Security & Risk Management and Identity & Authentication Special Interest Groups, as well as specific GDPR Briefings, this challenging legislation will be centre stage for the next couple of years.
  • PayExpo is fantastic because it has thought provoking discussions and is a great place to connect with other leaders in the industry.
    Megan Caywood
    Starling Bank
  • Very well organised, covering all the key topics with an inclusive and relevant speaker and exhibitor base.
    Helene Panzarino
    Rainmaking Colab Fintech
  • Very wide ranging and varied content with a good mix of fact and opinions, hotly debated.
    Ian Dawson
    Hays Travel Limited
  • This is both a networking event and a trade show, and should be in everyone's diary.
    Paul Love Twelves
    Open Payments Cloud
  • Had a great time across the two days, very well looked after and heard some interesting things about the industry. Look forward to returning next year!
    Jon Ellis
    Atom Bank
  • PayExpo 2018 was fantastic with a great variety in exhibitors as well as content for talks and debates. We found some very good potential partners that will help us make a major impact in the banking industry over the next few years.
    Simon Phillips
    Money Global Limited
  • I really liked the sessions and panel discussions and I am looking forward to some more presentations.
    Liisi Kirsipuu
  • I found the event very interesting and lively, I really liked the presentations in theatre 2 as I am coming from a payments area I found them very informative.
    Martynas Rajuncios
    Lietuvos Bankas


Show the sponsors

Platinum sponsor


See all Sponsors


See all sponsors


Featured speakers



See all Partners