
General Data Protection Regulation (GDPR)

The General Data Protection Regulation—the European Union’s new regulation governing the use of personal data—is effective May 25, 2018, and applies to companies with operations in the EU or that collect the personal data of people in the EU.

While it remains unclear what effect the rule will have on U.S.-based banks offering banking products and services to European customers through internet banking websites, the statute recognizes that non-EU companies operating online that do not “envisage” doing business in the EU, or that inadvertently collect EU personal data, may not be subject to GDPR.

To assist domestic U.S. banks with their assessment of whether GDPR may apply, ABA has developed a checklist to use as the basis for a conversation between bank CEOs, board members, compliance officers, risk management team, IT staff and legal counsel. The association will continue to add more resources to this page as they become available.


Additional Information

DHS Issues Advisory on Growing Threat of Fake GDPR Consent Emails (Members Only)
On May 8, DHS issued an advisory warning consumers and businesses of the possibility of an influx of phishing attempts triggered by the upcoming EU General Data Protection Regulation that goes into effect on May 25.

ABA Expert Webinar Series: Third Party Risk Management Update & Resources
Recorded: March 22, 2018

Questions? Contact Denyette DePierro or Paul Benda for more information.