The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) marks a significant development in India’s evolving data governance framework by recognizing the right to erasure as an extension of the constitutional right to privacy affirmed in Justice K.S. Puttaswamy v. Union of India. However, the practical implementation of this right generates substantial legal friction when applied within the financial sector, where the Prevention of Money Laundering Act, 2002 (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 require financial institutions to retain transaction records and customer identification data for regulatory and investigative purposes. This tension has acquired additional significance in light of the DPDP Rules, 2025 and the ongoing constitutional scrutiny of the data protection regime in Venkatesh Nayak v. Union of India, which raises broader concerns regarding privacy, surveillance, and governmental access to personal data. This paper critically examines whether the PMLA operates as an absolute legislative override to the right to erasure or whether both regimes can be harmoniously interpreted through principles of statutory construction and constitutional proportionality. Drawing upon comparative jurisprudence under the European Union’s General Data Protection Regulation (GDPR), international standards developed by the Financial Action Task Force (FATF), and emerging regulatory technologies, the study argues that privacy and anti-money laundering objectives need not be mutually exclusive. It proposes a three-tiered governance framework consisting of Hard-Delete Protocols for non-regulated data, Encrypted Cold Storage for legally mandated retention records, and a transparent Denial Register to document justified refusals of erasure requests. The paper concludes that a layered data governance strategy offers a legally sustainable mechanism for preserving both individual privacy rights and systemic financial integrity within India’s digital economy.