
GDPR (General Data Protection Regulation)

The EU's data-protection regulation 2016/679, in force since 25 May 2018. It sets principles for processing personal data and rights for data subjects; fines reach up to €20M or 4% of a company's global annual turnover.

Aliases: gdpr, eu regulation 2016/679, general data protection regulation

GDPR (General Data Protection Regulation, EU Regulation 2016/679) is the European Union’s principal data-protection law. It has applied since 25 May 2018 and covers the processing of EU residents’ personal data even when the company sits outside the EU.

Core principles

  • Lawfulness and transparency. Data is collected on a lawful basis and the person understands what is processed and why.
  • Minimisation. Only what is genuinely needed is collected.
  • Purpose limitation. Data is used strictly for the stated purpose.
  • Security. Technical safeguards and breach notification are mandatory.

Data-subject rights

  • Access to and copies of one’s data.
  • The right to erasure (“right to be forgotten”).
  • Data portability.
  • The right to object to processing.

Fines

Up to €20M or 4% of global annual turnover — whichever is higher.

Crypto and TON angle

GDPR creates a well-known tension with blockchain: a public ledger is immutable, while the right to erasure requires deleting data. That is why personal data is not written on-chain directly. Custodial services (exchanges, on-ramps) that store EU residents’ KYC data must comply with GDPR. In Russia the equivalent role is played by 152-FZ.

This is general information, not legal advice; specific requirements depend on the situation and can change.
