Toward Integrated Compliance with GDPR and the EU AI Act Based on Empirical Findings

This paper explores how the European Union is shaping rules for data and artificial intelligence (AI) through two key regulations: the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (AI Act). Those two regulations cover data topics, focusing on different aspects, both bringing challenges for organizations and individuals. This paper includes a survey conducted among data protection professionals to understand better how organizations deal with these challenges in practice. The results show that many organizations still have areas for improvement, especially when combining privacy and AI responsibilities. Based on this, the paper offers a simple and practical framework that helps organizations follow the GDPR and the AI Act in a transparent and integrated way. The goal is to support better decision-making, reduce legal and technical risks, and help with the responsible and trusted use of data and AI in the EU. GDPR, AI Act, Data Governance, Risk Management, Privacy, Compliance, EU Regulation