For financial services

Two regulators.
One record.

The privacy regulator wants erasure honoured and disclosures completed on time. The financial regulator wants KYC files retained, complaints logged, and incidents reported. Ghost is the workspace where both apply at once — with the lawful basis written down.

EU-hosted · Append-only audit log · Built to the same data-protection standards as the firms it serves.

  • 1 month: Article 12 response window
  • 72 hours: Breach notification clock (Art. 33)
  • 5 years: AML retention floor (4AMLD / MLR 2017)
  • EU: Hosted infrastructure

The financial-services workflow

Intake. Reconcile. Redact. Defend.

A DSAR pulls from KYC, the ledger, complaints, and fraud screening. Erasure runs into AML retention. Incidents have two clocks. Ghost is the workspace where the response is assembled, the lawful basis is written down, and the audit trail survives both supervisors.

Step 01

Log and verify

Intake the request through a branded form, verify identity before any disclosure, and start the Article 12 clock from the moment the request is identifiable.

Step 02

Pull across systems

Exports from KYC, the transaction ledger, complaints, fraud, sanctions screening, and any open-banking consent records. Ghost holds the case; operational systems remain the systems of record.

Step 03

Redact and apply lawful basis

Mask counterparty names, staff identifiers, and SAR-related material. Where AML retention restricts erasure, record the lawful basis under Art. 6(1)(c) on the case and link to the Article 30 entry.

Step 04

Deliver, evidence, both regulators

Send via a signed, time-limited link. Keep an append-only audit trail — exportable as evidence whether the privacy supervisor or the financial supervisor asks first.

Privacy request manager

Built for multi-system response packs.

Branded intake for customers and representatives, identity verification before any disclosure, task assignment across compliance, operations, and fraud teams, and the Article 12 deadline tracked automatically on every case.

  • Branded intake for customers and representatives
  • Identity verification before any disclosure
  • Tasks assignable across compliance, ops, fraud
  • Article 12 deadline tracked automatically

Redaction for regulated files

Counterparties out. SAR material out. Customer detail in.

Upload KYC exports, transaction histories, complaints correspondence, and fraud-screening output. AI-assisted detection surfaces names, addresses, identifiers, and contact details for review. You accept, reject, or refine — and the rationale lands in the audit log.

  • PDFs, CSV exports, scanned documents
  • AI-assisted PII detection on Solo DPO and DPO Team
  • Client-side rendering — files stay in your browser
  • Rationale captured next to every redaction decision

Article 30, Breach, and Third-Party registers

Evidence that survives a supervisory visit.

Records of processing for onboarding, transaction monitoring, marketing, employee data, and outsourced functions. Breach Register with the Art. 33 clock running. Third-Party Register for ICT and processor relationships. An append-only audit log on every record.

  • Article 30 register with completeness score
  • Breach Register with the Art. 33 clock per incident
  • Third-Party Register for ICT and processor relationships
  • Audit pack export when either supervisor asks

See it end to end

A short walk-through of the workspace.

Redaction, privacy requests, and the audit log — in about three minutes.


What financial-services teams ask us first

Three questions every regulated firm raises.

“Where does AML retention sit?”

Front and centre. Ghost records the lawful basis when retention restricts erasure, links the case to the Article 30 entry, and stores the customer-facing explanation. The legal obligation is on the record.

“Does this replace our core banking or KYC?”

No. Core banking, KYC, and complaints handling stay where they are. Ghost is the privacy ops layer beside them — for the request, the redaction, the response pack, and the audit trail.

“What about DORA and operational resilience?”

Ghost supports the privacy and incident workflows DORA touches; it does not certify against DORA or any sectoral standard. Operational resilience remains yours to defend — Ghost is one of the controls you point at.

Pricing

Plans for fintechs, lenders, payments, and banks.

Start free. Move up when procurement, scale, or supervisory scrutiny require it.

Free

Run one customer DSAR end-to-end before you commit.

€0/forever
  • 1 active case
  • Manual redaction (PDF, up to 5 pages/file)
  • 10 redactions per month
  • 1 Article 30 register entry

Solo DPO (Most popular)

For a DPO or compliance lead running the privacy programme themselves.

€49/month
  • Unlimited cases and redactions
  • AI-assisted PII detection
  • Article 30 register + append-only audit log
  • €39/mo billed annually (save 20%)

DPO Team

For compliance, ops, fraud, and the second line sharing the work.

€149/month
  • Up to 10 seats (€10/extra seat)
  • Role-based access (Admin, Operator, Read-only)
  • Outbound webhooks for SIEM / chat / ITSM
  • Third-Party Register for ICT and processors
  • €119/mo billed annually

Compare every feature on the full pricing page.

How to respond to a DSAR — end to end

A practical walk-through of the privacy request response: intake, identity, scoping, redaction, response pack, and audit. Written for regulated teams.

Two supervisors will ask about the same file.

Stand up one workspace that answers both. 30-day free trial — no credit card, EU-hosted.

The regulatory landscape financial-services teams operate in

Financial-services privacy work is governed first by general data protection law — Regulation (EU) 2016/679 (GDPR) and, in the UK, the Data Protection Act 2018 — and then by sectoral regimes that overlap with it. The right of access under Article 15, the right to erasure under Article 17 (with its limits where other legal obligations apply), the deadlines under Article 12, the records obligation under Article 30, the breach-notification obligation under Article 33, and the DPIA obligation under Article 35 are the day-to-day mechanics.

Anti-money-laundering rules sit on top. Directive (EU) 2015/849 (4AMLD) as amended by 5AMLD and 6AMLD, and in the UK the Money Laundering Regulations 2017 (as amended), require firms to retain customer due-diligence and transaction records — typically for five years after the end of the business relationship. These obligations frequently restrict erasure and shape what can be disclosed in a subject access response.

Operational-resilience expectations are codified in the EU under Regulation (EU) 2022/2554 (DORA), which applies from 17 January 2025 and covers ICT incident reporting (Art. 17–23) and ICT third-party risk management (Art. 28–44). UK firms operate under the FCA and PRA operational-resilience rules and the FCA Consumer Duty (PRIN 2A). Supervisors include the FCA and PRA in the UK, and competent authorities such as BaFin, AMF, CNIL, DPC, and CSSF across the EU. Ghost is not an FCA-authorised firm; it does not provide legal advice.

Privacy compliance for regulated teams.

Built to the same data-protection standards as regulated financial software.

© 2026 Ghost. Your GDPR compliance platform.