The implementation of GDPR and PSD2 in the EU as well as the PSD2 alignment with GDPR, encourage central banks in various countries including Indonesia to immediately implement an open banking system that also prioritizes privacy data protection. The PDP bill principle of explicit consent must be applied in open banking financial transactions that in Indonesia as stated in the National Standard Open API Payment (SNAP) 2021 (a Technical Standards and Governance Guideline). However, there are some fundamental differences regulated in PSD2 when compared to SNAP which will hinder Indonesia's adequate GDPR. This research is normative research with statutory approach and comparative approach. The results showed that there are some fundamental differences between PSD2 and SNAP, including the parties involved, data portability and the concept of re-consent or re-confirmation which are not regulated in SNAP but regulated in PSD2, for the concept of sensitive data payment, neither SNAP nor PSD2 provide the specific concept, both define it broadly.