The intersection of GDPR and Anti-Money Laundering (AML) regulations creates unique compliance challenges for organizations. AML obligations require collecting and retaining extensive personal data, which must be reconciled with core GDPR principles such as data minimization, purpose limitation, and storage limitation.
Here is the complete recorded presentation for the speech “GDPR & AML what can go wrong”:
The intersection is becoming even more complex as the EU Anti-Money Laundering Authority (AMLA) becomes operational in 2026: this new centralized supervisor will impose additional harmonized data collection and retention requirements that organizations must reconcile with their existing GDPR obligations. Organizations subject to both AML and GDPR requirements should ensure they have a clear legal basis for processing, typically a legal obligation under Article 6. The legitimate interest basis may also apply for certain fraud-prevention activities. For a step-by-step approach to meeting both sets of requirements, see our GDPR compliance checklist.




