EU Digital Laws: Mapping the Interplays with the GDPR
This infographic series maps different EU digital laws with the GDPR.
Contributors:
Müge Fazlioglu
CIPP/E, CIPP/US
Principal Researcher, Privacy Law and Policy
IAPP
Additional Insights
Envisioned by the European Commission's 19 February 2020 communication on a European strategy for data and streamlined through the emerging Data Union Strategy, numerous new EU digital laws have recently come into force.
This infographic series, drawing from the EU Digital Laws Report 2025, maps different EU digital laws with the GDPR.
The IAPP additionally hosts a European Strategy for Data series of charts, which provide an overview of EU privacy, cybersecurity and AI legislation.
Series overview
Artificial Intelligence Act
A topical and consequential intersection is between the AI Act and the GDPR. While they both employ risk-based approaches in some form, the laws are built upon different regulatory logics. The AI Act is a product safety regulation that infuses organizational design responsibilities with a concern for individual rights, while the GDPR directly enshrines fundamental human rights related to personal data protection.
View infographic
Data Governance Act
This resource provides an overview of the rules and requirements that sit at the intersection of the EU Data Governance Act and the EU GDPR. As a legal framework to create an infrastructure for the public sharing of both non-personal and personal data, the DGA intersects in several ways with the rights enshrined within and the rules laid down by the GDPR.
View infographic
Data Act
The EU Data Act creates new rules on who can access and use data generated in the EU across all economic sectors. It aims to ensure fairness in the allocation of value from data, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible to all users. It focuses primarily on industrial, nonpersonal data but is relevant to data protection.
View infographic
Digital Markets Act
The Digital Markets Act applies to the core platform services of designated gatekeepers, which may also qualify as controllers or processers under the EU General Data Protection Regulation, creating numerous points of intersection between the two laws.
View infographic
Digital Services Act
The Digital Services Act applies tiered obligations to various classes of intermediary service providers, imposing the strictest rules upon entities designated by the European Commission as very large online platforms and very large online search engines.
View infographic
Coming Soon
- NIS2 Directive
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEs
