To expand your knowledge simply choose a specific step
Keep track of what information has been shared, and with whom, i. e. where the information has gone.
Obtain consent for any transfer of personal data, as PSD2 permits disclosure to third parties only if the individual whose data is being disclosed has given explicit consent for the disclosure.
Ensure that the API through the sharing of personal data with third parties meets the security requirements under the GDPR and the security standards applicable to PSD2.
Ensure that the “right to be forgotten” can be implemented, which entails a clear and detailed system of notification for all partners to whom customer data has been disclosed.