§ Data Governance Act · GDPR COMPARISON

Data Governance Act vs GDPR: Where They Overlap and Conflict

4 overlaps, 2 conflicts and 2 gaps mapped between Data Governance Act and GDPR in the Fontvera regulatory corpus.

Summary

Data Governance Act and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in the Fontvera corpus.

4 overlaps mean the same conduct triggers obligations in both regimes — design controls once, document twice. 2 conflicts mean the two regulations push in opposite directions on a specific question. 2 gaps mean one regulation leaves something on a topic the other addresses.

Who this applies to
Compliance teams who need to map a single control framework onto both Data Governance Act and GDPR.
Compliance deadline
§ Detail

In depth

Summary statistics

Overlaps: 4 · Conflicts: 2 · Gaps: 2

8 article-level crossrefs catalogued between Data Governance Act and GDPR from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.

All crossrefs between these regulations

Article (A)Article (B)TypeSeverityDescription
Data Governance Act Art 7GDPR Art 5, Art 24overlapmedium[entity affected: Public sector bodies / Competent bodies] Both regulations require the implementation of technical and organizational measures to ensure data security, privacy, and integrity during p
Data Governance Act Art 9GDPR Art 12overlaplow[entity affected: Competent public sector bodies / Controllers] Both regulations mandate specific timeframes for responding to requests (data re-use or subject rights) and require notification if the
Data Governance Act Art 7GDPR Art 7, Art 8overlapmedium[entity affected: Competent bodies / Controllers] Both regulations involve mechanisms for obtaining and verifying consent or permission from data subjects, with GDPR providing the detailed legal stand
Data Governance Act Art 13GDPR Art 51, Art 62overlaplow[entity affected: Data protection authorities / Competent authorities] Both regulations require cooperation and information exchange between relevant supervisory authorities (including data protection
Data Governance Act Art 6GDPR Art 12conflicthigh[entity affected: Public sector bodies / Controllers] DGA allows fees for data re-use limited to costs, while GDPR generally requires the exercise of data subject rights to be free of charge, creating
Data Governance Act Art 4GDPR Art 5, Art 6conflicthigh[entity affected: Public sector bodies] DGA promotes broad data re-use and limits exclusivity, which may conflict with GDPR's strict purpose limitation and lawfulness requirements if re-use purposes a
Data Governance Act Art ?GDPR Art ?gapmedium[entity affected: Data intermediation services providers] Neither regulation explicitly defines the liability of data intermediaries for data quality or accuracy errors in the data they facilitate, le
Data Governance Act Art ?GDPR Art ?gapmedium[entity affected: Data altruism organisations] While DGA regulates registration and GDPR regulates processing, there is no clear guidance on how data altruism organizations should handle cross-border

Conflicts explained

The 2 article-level conflicts between Data Governance Act and GDPR mean a control that satisfies one can pull the wrong way on the other:

Which regulation takes precedence

EU law does not lay down a universal precedence rule between Data Governance Act and GDPR. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.

What this means for your compliance team

Treat the 4 overlaps as design opportunities — one control, two regulatory anchors. Treat the 2 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

ai_office EU Fetched 2026-05
AI Act: AI i den offentlige sektor — krav til kommuner og regioner
ai_office EU Fetched 2026-05
AI Act: Transparency obligations for AI systems (Articles 50, 52)
imy SE Fetched 2026-05
IMY: Vägledning om konsekvensbedömning (DPIA)
imy SE Fetched 2026-05
IMY: Vägledning om AI och dataskydd
imy SE Fetched 2026-05
IMY: Capio S:t Görans sjukhus — sanktionsavgift 30 miljoner SEK
imy SE Fetched 2026-05
IMY: Google — sanktionsavgift 50 miljoner SEK för brister i rätten att bli glömd
imy SE Fetched 2026-05
IMY: SL (Storstockholms Lokaltrafik) — sanktionsavgift 8 miljoner SEK
imy SE Fetched 2026-05
IMY: Trygg-Hansa — sanktionsavgift 35 miljoner SEK för bristande säkerhet
§ Cross-references

Related Fontvera intelligence

COMPARISON
AI Act vs Data Governance Act comparison
COMPARISON
Data Act vs Data Governance Act comparison
COMPARISON
Data Act vs GDPR comparison
COMPARISON
Data Governance Act vs DMA comparison
COMPARISON
Data Governance Act vs DORA comparison
Need a cross-border briefing on this?
Search Fontvera ↵ Run the AI Act diagnostic
AI Act enforcement
63 days
until 2026-08-02, when most AI Act provisions begin to apply.
Intelligence · About · Pricing · Privacy · Terms
100% European infrastructure