Υλοποίηση μηχανισμού εφαρμογής του Γ.Κ.Π.Δ. σε συνδυασμό με την οδηγία P.S.D.2 για χρηματοπιστωτικά ιδρύματα εντός της Ευρωπαϊκής ένωσης
Implementing G.D.P.R. and P.S.D.2 regulations for financial institutions under European Union
View/
Abstract
From May 2018 all organizations that have and manipulate personal data info of any kind inside the European Union are obliged to implement the General Data Protection Regulation GDPR. With this regulation institutions and organizations that have in their possession any personal data must ensure the protection against any leaks and give the right to the persons to delete them at their disposal.
At the same period of this implementation, another regulation is taking effect and that is PSD2. This is also a European regulation for electronic payment services. It seeks to make payments more secure in Europe, boost innovation and help banking services adapt to new technologies and up to date services. PSD2 is evidence of the increasing importance Application Program Interfaces (APIs) are acquiring in different financial sectors and all organizations must comply to that regulation.
In this master's thesis we will analyze some of the most important problems impacting the day to day business for all financial institutions implementing GDPR regulations and which are under serious consideration and are not implemented at all. As for the PSD2, we will also analyze key points and problems that occur for financial institutions implementation. In the end we will introduce and analyze this master's thesis project that will cover most of the problems that are analyzed before and is about having three independent systems that communicate to each other with APIs. One of them is the graphical user interface that gives the right to the end user to execute the business transaction. Another is the system that have the personal data and is supposed to simulate something like Google which holds all kind of personal information. The last is a simplified simulation of a financial organization like a bank that unlike what all banks are implementing at this point, do not hold any kind of personal information and is relying on the second system to authenticate the end user. All of these systems are implementing a full secured and encrypted environments. For these purposes we used a two factor authentication, strong authentication and Argon2 encryption for any sensitive data that are stored in the database.