The spectacular development of generative AI has triggered a global thinking about how best to regulate the technology’s risks. The EU AI Act trilogues were marked by disputes over regulating “foundational models” between the Council and the European Parliament. When it comes to issues related to data protection, privacy and security, however, generative AI is already regulated by the GDPR. DPAs, led by the Garante, have expressed concerns about compliance with GDPR principles by entities developing and deploying ChatGPT and other LLMs. Responding to these concerns, OpenAI, Google, and other companies revised privacy policies and took actions to address GDPR issues. However, significant questions persist. This panel will offer the perspectives of the regulator, the industry, the practitioners and academia on the intricate intersection of GDPR and generative AI, evaluating the EU AI Act’s impact on this crucial matter.