Some pointers from Day 2 at the PCI SSC Europe Community Meeting:
European Data Protection Directive, DPD
- Will impact all EU companies that store personal data
- Data security officer will become a requirement
- A breach must be reported within 72h
- Implementation by start of 2018
European Payment Services Directive 2, PSD2
- The goal is more secure payments in the EU
- Requires, e.g., an annual risk assessment and an incident response process
- 3rd party processors are in scope
- Implemented within a year throughout the EU
Security risks around “Internet of Things”
- How easy are connected devices to hack, and is the network then exposed?
- Manufacturers need to focus more on security