Harmonising risk assessments for high-risk AI systems under the GDPR and the AI Act
Przemysław (Shemy) Gruchała, Lucrezia Nicosia and Monika Zięciak
Additional contact information
Przemysław (Shemy) Gruchała: White Label Consultancy, UAE
Lucrezia Nicosia: White Label Consultancy, Norway
Monika Zięciak: White Label Consultancy, Poland
Journal of Data Protection & Privacy, 2025, vol. 7, issue 4, 359-371
Abstract:
Artificial intelligence (AI) is transforming industries, unlocking unprecedented opportunities while posing significant challenges in areas such as data privacy, fairness and accountability, especially in high-risk applications. To address these concerns, the European Union (EU) has established a dual regulatory framework comprising the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). These frameworks employ risk-based mechanisms, including data protection impact assessments (DPIAs), fundamental rights impact assessments (FRIAs) and conformity assessments (CAs). This paper explores the interplay between these regulatory frameworks, focusing on their distinct scopes and the potential for harmonising risk management strategies. By analysing the practical benefits and challenges of integrating these assessments, the study identifies pathways to streamline compliance. The proposed strategy emphasises the importance of organisational context mapping, cross-functional collaboration, unified templates and continuous risk oversight. The findings demonstrate that harmonising these frameworks not only ensures legal compliance but also enhances operational efficiency, fosters stakeholder trust and supports responsible AI and data governance. This research provides actionable insights for organisations navigating overlapping regulatory requirements, enabling them to balance compliance with the advancement of AI technologies. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
Keywords: DPIA; FRIA; CA; AI Act; GDPR; risk assessment
JEL-codes: K2
Date: 2025
Downloads:
https://hstalks.com/article/9479/download/ (application/pdf)
https://hstalks.com/article/9479/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2025:v:7:i:4:p:359-371
More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.