Related references
Other laws and frameworks our guides draw on, beyond the EU AI Act. The NIST AI RMF and ISO/IEC 42001 are best-practice standards, not law.
GDPR
EU AI Act and GDPR: how do the two regulations relate?
Guide: The EU AI Act and the GDPR create overlapping but distinct obligations for AI systems that process personal data. They align on data quality, impact assessments, transparency, and individual rights, but differ in scope, accountability roles, and incident-reporting timelines, so the efficient approach is integrated compliance, such as a combined DPIA/FRIA.
FRIA step by step: how to conduct a Fundamental Rights Impact Assessment
Guide: A Fundamental Rights Impact Assessment (FRIA) under Art. 27 is conducted step by step: describe the system and its purpose, identify affected persons, assess the impact on each fundamental rights dimension, define mitigation measures, and document the residual risk before deployment.