Global Compliance and Security with GDPR and PCI DSS from designers’ perspective

By Abizer Vakil

-Madhup Mishra
Madhup Mishra holds a BTech in mechanical engineering and has been working at TCS for more than a decade in the banking payments domain. Currently, he is a business designer in payment systems. He is experienced in Faster Payments, BACS, CHAPS, SWIFT, Visa card payments, and cheque payments. He has been part of major transformational compliance projects such as GDPR, PCI DSS, Visa Scheme, and tokenized card payments. This meeting was held online as he is in the UK at present.
The session started with a question he asked: what do you mean by global compliance? A few students answered very clearly. He stated that the General Data Protection Regulation (GDPR) applies across the globe if you are dealing with a person or people living in the European Union. In India, those who access or use the data of EU citizens have to be GDPR compliant. A company operating outside the EU needs to have a company representative to communicate with. EU data can be used for personal purposes, but not for professional ones.
GDPR came in 2016 and was applied in 2018; non-compliance leads to fines of up to 10 Mn or 2 percent of annual turnover, whichever is higher. GDPR has three key principles: first, privacy by design; second, security by default; third, accountability.
This data can be used when four key rules are followed: first, a clear motive and consent; second, consent can be withdrawn; third, protection of the data; fourth, all the other rights of EU citizens have to be respected. The GDPR license is to be renewed every year after the organization provides its compliance reports.
PCI DSS: the Payment Card Industry Data Security Standard mainly concerns the protection of card information. It is applicable across the globe. The law prescribes penalties for non-compliance, which is similar to GDPR. There are six standards that need to be followed: first, have a good firewall and security; second, protect cardholder data; third, vulnerability management of the whole system; fourth, audit of data; fifth, quality security assessment; sixth, internal security assessment. The session ended successfully with a series of questions and answers.

-Abizer Vakil