Visa has implemented the Visa Data Privacy Request Manager set of APIs to support Issuers and Acquirers in relation to GDPR requirements, where Visa holds the personal data as a 'processor' on behalf of the controller. Specifically, enabling client banks to submit DSR requests on any of the DSR types (Access, Rectification, Erasure, Restriction, Portability, Object, Automated Processing). Each request will prompt the creation of at least one “case” that will be used to track the progress of the request.
Visa Data Privacy Request Manager APIs can be used by any client bank developer in the sandbox with registration and acceptance of terms and conditions. Bank participation is subject to Visa approval and execution of the participation agreement.
You can use the API explorer provided in the API Reference section to understand the usage of the APIs in the Sandbox. Currently, the APIs are only available for client bank use in the European region.
Check back on this page later for further updates on expanded access (e.g. additional regions) to these APIs.