The European Data Protection Board adopts first guidelines on the interplay between the DSA and the GDPR

KEY ASPECTS
- Simultaneous compliance with the DSA and the GDPR is essential for intermediary service providers, requiring that the processing of personal data observes the principles of lawfulness, minimization and transparency.
- The obligation to carry out a Data Protection Impact Assessment (DPIA) applies in high-risk situations, such as voluntary investigations or in the management of complaints.
- Transparency in recommendation systems implies the provision of options not based on profiling and the limitation of the time it takes to retain users' choices to what is strictly necessary.
- Systemic risk management and mitigation, especially for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), require the implementation of measures that are proportionate and compatible with the requirements of the GDPR.