Navigating AI Development in the Private Sector: Insights from the Austrian DPA on the EU AI Act and GDPR

The Austrian DPA stresses that GDPR remains crucial when processing personal data, even with the new AI regulation. Any AI system processing personal data must comply with the data protection principles and have a legal basis for processing. Automated individual decisions must adhere to Article 22 of GDPR, with the data controller bearing the burden of proof for lawful processing. If an AI system is non-compliant with the GDPR, the data protection authority must take corrective measures, including fines.