Relationship with GDPR and Other EU Law

This Regulation should be without prejudice to the provisions of Union law on the protection of personal data, in particular Regulation (EU) 2016/679 (GDPR) and Directive (EU) 2016/680. Processing of personal data under this Regulation should comply with those instruments. Where AI systems process personal data, GDPR and data protection law apply in parallel with AI Act obligations. High-risk AI systems that process personal data may require both a DPIA under GDPR and a fundamental rights impact assessment under this Regulation.