For all payment services, with the exception of the service that consists of offering an account information service, explicit permission must be given. asked. The way in which this consent is obtained must be free, unambiguous, informed and specific. Consumers should also be able to withdraw their consent easily.
Of course, just like other organizations, the privacy law, the General Data Protection Regulation (GDPR), also applies. Important GDPR rules are, for example, that a payment service provider must always have a basis for processing personal data and must take measures to properly protect personal data.
For more information about this topic, see: https://autoriteitpersoonsgegevens.nl/nl/nieuws/ap-geeft-betaaldienstverleners-uitleg-over-uitdrukkelijke-toestemming-psd2