Donatas Šliora shared his insights with PaymentsCompliance on the fine imposed by Lithuanian State Data Protection Inspectorate on MisterTango, and the message it sends to the payment service providers operating in Lithuania.

There are lessons to be learned by all payment service providers from the recent investigation of MisterTango by the State Data Protection Inspectorate (DPA).

  • PSPs are encouraged to cooperate with DPA to prevent imposition of fines or lead to imposition of lesser sanctions.
  • Organizational structure of PSP must ensure that DPO is not responsible for performance of any competing functions (such as functions of IT manager).
  • PSPs must clearly define and limit the data collected, as well as implement technical and organizational measures to ensure that such data is not stored for excessive periods of time.

‍The article is available here: