

GDPR is a sweeping European Union regulation that governs the protection and use of personal data by corporate entities.

GDPR, which became effective on May 25, 2018, applies to companies that have operations in the EU or that collect the personal data of people in the EU. With these broad parameters, and with the price tag for GDPR violations maxing out at the higher of $20 million or 4 percent of annual global turnover, all banks with a web presence should check twice to verify whether they will be subject to GDPR.

To assist U.S. banks with their assessment of whether GDPR may apply, ABA has developed a checklist to use as the basis for a conversation among bank CEOs, board members, compliance officers, risk management teams, IT staff and legal counsel.


GDPR: What Your Bank Needs to Know Now

Watch this recorded webinar about GDPR and what your bank needs to know.
