The General Data Protection Regulation (2016/679) is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. GDPR replaces the 20 year old EU Data Protection Directive (95/46/EC).
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
GDPR provides EU individuals with additional rights, including:
Right to Access - You have the right to know what data we hold and process about you at any time on request.
Right to Erasure (right to be forgotten) - You have the right to request the removal of all the data we hold about you. As a financial institution, there are, however, certain instances where Uphold is required to hold or process data for a specific period of time to ensure compliance with global legal and/or regulatory obligations. In these cases, we may be unable to delete specific data until such time has passed.
Right to Object - You have the right to revoke your consent and instruct us to stop processing of your personal data (e.g., direct marketing).