The GDPR right to erasure doesn't apply when there is a legal obligation to keep the data.
> The General Data Protection Regulation (GDPR) gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:
GDPR only say not to collect more data than needed and then not to keep them longer than needed. If you have a legal obligation to collect specific data and to keep them for a specific duration the GDPR are fine with that.
There are similar KYC regulations and data retention laws in Europe.
Not how it works at all - they're serving EU customers which is what matters to GDPR. Apparently the two aren't in conflict like some other comments pointed out, but it has nothing to do with Coinbase being an American company.
> The General Data Protection Regulation (GDPR) gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:
...
> there is a legal obligation to keep that data;
https://commission.europa.eu/law/law-topic/data-protection/r...