The Revised Payment Services Directive (PSD2) will require financial institutions (especially banks) to open access to the personal information related to the accounts to third parties the institution has no contractual agreement with. The GDPR however forbids sharing the information with third parties; basically it is the individual to give consent and to provide the data to the data processor - not other processors.
It is weird to read how two legislations from the EU can address the topic of privacy and consent from such opposing angles. I suppose it’ll take some years of lawsuits and appeals up to the Court of Justice of the European Union (CJEU) to settle this. Do we have to be prepared for some suprises like the Schrems case, where the CJEU invalidated the entire US-EU Safe Harbour arrangement?