1. AlgoCandyHome
  2. Glossary
  3. G-Glossary

🔹 Definition

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) that governs the collection, processing, storage, and transfer of personal data of individuals within the EU and European Economic Area (EEA). Enforced since May 25, 2018, GDPR aims to strengthen individual privacy rights and unify data protection regulations across EU member states.

GDPR applies to any organization worldwide that handles the personal data of EU/EEA residents, including in the context of KYC, AML, and digital identity verification processes.

🔹 Frequently Asked Questions (FAQs)

Q1: What is considered “personal data” under GDPR?
Personal data includes any information that can identify a person, directly or indirectly, such as:

  • Name, address, email, phone number
  • Identification numbers (e.g., passport, national ID)
  • Biometric or location data
  • Online identifiers (e.g., cookies, IP addresses)

Q2: What are the key principles of GDPR?

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation – only collect data for specific purposes
  3. Data minimization – collect only necessary data
  4. Accuracy – keep data up-to-date
  5. Storage limitation – keep data no longer than needed
  6. Integrity and confidentiality – ensure security
  7. Accountability – be able to demonstrate compliance

Q3: What rights do individuals have under GDPR?

  • Right to access their personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to data processing
  • Rights related to automated decision-making and profiling

Q4: How does GDPR impact AML/KYC compliance?

  • Organizations must ensure lawful basis for processing personal data (e.g., legal obligation or consent)
  • Data retention must be justified and time-limited
  • Must ensure data security for KYC documents and risk profiles
  • Cross-border data transfers outside the EU must meet specific safeguards (e.g., Standard Contractual Clauses)

Q5: What are the penalties for non-compliance?
Organizations can face:

  • Fines up to €20 million or 4% of global annual turnover (whichever is higher)
  • Regulatory investigations and mandatory corrective actions
  • Reputational damage and customer trust loss

Previous:

Next:

Read more

Contact us
Contact us
SHARE
TOP