Data Protection and AI: Updates and Practical Insights

20 April 2026

Our founder and director was pleased to chair the Law Society of Ireland Intellectual Property & Data Protection Law Committee Conference on Monday, 20 April, bringing together leading legal and regulatory voices to examine the impact of AI on data protection compliance.

The conference explored the evolving interaction between the General Data Protection Regulation (GDPR), the EU Artificial Intelligence Act, the EU Digital Omnibus and national developments.

Particular focus was given to DPIAs, privacy statements, workplace applications and automated decision‑making.

Key takeaways included the critical importance of transparency, sound operational governance, robust documentation, DPIAs and continuous staff training. Contributors highlighted the need for early and constructive regulatory engagement, effective incident and breach response frameworks, and meaningful human oversight to ensure AI systems are deployed responsibly and in compliance with legal and ethical standards.

The themes throughout the afternoon were 'Pace, Practice, and People'.

·   Pace — because the regulatory environment is moving at breakneck speed. The EU AI Act is phasing in. The Digital Omnibus is reshaping the landscape. GDPR enforcement has matured into its second wave, a complicated one. Domestic legislation and strategies are landing together with EU guidance and opinions. The question in 2026 is not “what are the rules?” — it is “which new rule or development do we have today?’ 

·   Practice — because data protection and AI while in the same ring, are often colliding.   The DPO, the AI governance lead and in-house counsel are often the same person wearing multiple hats, watching those collisions from the front row seat. The question on every desk is similar: how do we build and use AI that works without breaking the things GDPR requires us to protect?

·   People — because behind every system is an employee, a candidate, a customer, a data subject with rights. While we will have questions on the technology, it is important not to lose sight of the humans impacted by the tech.

It is a team effort to manage all the required aspects.

We extend our thanks and appreciation to the Law Society of Ireland, the distinguished speakers, and all participants for a thoughtful and timely discussion. The conversations reinforced the importance of informed, proactive compliance strategies in enabling responsible innovation within an increasingly complex EU regulatory landscape. For further details please see: GDPR remains ‘fundamental’ to AI regulation

For any queries on this article or how Rock Consultancy can support your organisation, please contact us at info@rockconsultancy.ie