GDPR and PCI DSS: appropriate bedfellows?

At a recent meeting of the UK Merchant PCI Working Group I mentioned that there was some soft case law in the form of ICO enforcement action which helps to answer the question of whether PCI DSS is sufficient to meet GDPR’s requirement for organisations to implement “appropriate technical and organisational measures” in respect of the security of cardholder data.

As PCI DSS and GDPR are probably my two specialist subjects, I’ve written a short paper that looks at the ICO’s historic enforcement action and which hopefully answers the appropriateness question.

Paper (PDF): GDPR and PCI DSS: What’s appropriate?
