GDPR
General Data Protection Regulation
Definition
The EU regulation governing the processing of personal data of individuals within the EEA. GDPR establishes principles for data processing, rights of data subjects, and obligations for data controllers and processors, and it sets significant penalties for non-compliance: up to 4% of global annual turnover.
Regulatory Context
While not a financial services regulation per se, GDPR has significant implications for compliance teams managing customer data, conducting KYC, and processing SARs. Financial institutions must balance data protection obligations with AML and regulatory reporting requirements.