The General Data Protection Regulation (GDPR) is a privacy-focused law that an AI practitioner

should adhere to while designing and adapting an AI system that utilizes personal data. The GDPR

applies to any organization that processes personal data of individuals in the European Union (EU),

regardless of where the organization is located. The GDPR grants individuals rights over their

personal data, such as the right to access, rectify, erase, restrict, or object to its processing. The GDPR

also imposes obligations on organizations that process personal data, such as the duty to obtain

consent, conduct data protection impact assessments, implement data protection by design and by

default, and ensure accountability and transparency. The GDPR also addresses some specific issues

related to AI, such as automated decision-making, profiling, and data portability.