How will FIDA interact with existing data privacy regulations?

FIDA and GDPR, the General Data Protection Regulation, are two key regulations impacting data privacy and use within the European Union. While targeting different aspects, they work together to achieve complementary goals:

GDPR: Establishes a comprehensive framework for personal data protection, granting individuals control over their data and imposing strict obligations on organizations handling it.

FIDA: Focuses on financial data access and sharing within the specific context of financial services, building upon and aligning with GDPR’s principles.

Here’s how they interact:

Alignment and Synergies:

  • Both emphasize individual control: FIDA builds upon GDPR’s “right to be forgotten” and access rights, empowering individuals to control their financial data sharing through explicit consent and access transparency.
  • Complementary security requirements: FIDA complements GDPR’s security standards with specific measures for financial data, like strong authentication and encryption.
  • Harmonization efforts: Both regulations strive for consistency and legal certainty across the EU, aiming to minimize conflicting interpretations and burdens on organizations.

Key Differences and Nuances:

  • Scope: GDPR applies to a broader range of personal data, while FIDA targets financial data specifically.
  • Consent requirements: FIDA might require additional or more granular consent layers for specific financial data sharing scenarios.
  • Regulatory bodies: GDPR is enforced by data protection authorities, while FIDA involves financial regulators in oversight.


  • FIDA builds upon and supplements GDPR to establish a robust framework for secure and responsible financial data sharing within the EU.
  • Both regulations work together to empower individuals, ensure data security, and foster innovation in the financial sector.
  • Organizations must comply with both FIDA and GDPR when handling financial data to ensure legal compliance and user trust.

Additional Points:

  • The European Commission emphasizes the complementary nature of FIDA and GDPR in its official documents and guidance.
  • Data protection authorities and financial regulators are expected to collaborate in enforcing both regulations consistently.
  • Organizations navigating this dual regulatory landscape can seek guidance from legal experts and industry associations to ensure compliance.