Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR

Section 5.5  No suitable derogation

57 As noted above, where the service provider cannot show that one of the derogations is met, the prohibition of Article 9 (1) is applicable. In this case, technical measures have to be put in place to prevent the processing of special categories of personal data, for instance by preventing the processing of certain data points.In this respect, payment service providers may explore the technical possibilities to excludespecial categories of personal data and allow a selected access, which would prevent the processing of special categories of personal data related to silent parties by TPPs.