As the key production factor of digital finance，“data” drives the upgrading and transformation of the real economy，traditional finance and regional economy. As data value increases and information technology evolves，the risks posed by data are increasing gradually. The EU General Data Protection Regulation（GDPR），which came into force in 2018，provides unprecedented data protection requirements for data controllers including financial institutions. The compound system of data protections is formed，which consists of the principle obligations，general obligations （compliance obligations and duty of producing evidence） and specific obligations of risk management. However，too strict data protection obligations may adversely affect digital finance. China should skeptically refer to the GDPR and actively promote the development of digital finance on the premise of adhering to the personal data protection bottom line.