Regulation

GDPR

General Data Protection Regulation

European regulation governing data protection and privacy for individuals within the EU and EEA.

GDPR, effective from 2018, establishes comprehensive data protection rights for EU individuals and obligations for organizations processing personal data. The regulation applies to all organizations processing EU residents' data, regardless of location. GDPR introduces principles of data minimization, purpose limitation, and accountability, requiring explicit consent for data processing. Individuals gain rights including access, rectification, erasure, and data portability. Organizations must implement privacy by design, conduct data protection impact assessments, and report breaches within 72 hours. Financial services firms must balance GDPR compliance with regulatory reporting requirements, anti-money laundering obligations, and customer due diligence needs. Violations can result in fines up to 4% of annual global turnover.

Example

Customer consent for marketing communications, data breach notification procedures, right to be forgotten requests

Related terms

Data Protection, Privacy Rights, Consent Management