As the AI Act begins to apply, organisations must navigate an increasingly complex regulatory overlap with the GDPR. The EDPB and the European Commission are currently preparing guidance to clarify the interplay between both instruments, while the Digital Omnibus proposes targeted changes to Article 9 GDPR and the AI Omnibus finetunes sensitive data usage for bias mitigation. This workshop will examine how the two frameworks can best operate together and how organisations can operationalise them across the AI lifecycle. Key topics include GDPR lawful bases for AI training and deployment, data minimization duties, the approach to human oversight under Article 22 GDPR, as well as opportunities to streamline compliance tools such as DPIAs and AI Act risk assessments, records of processing or broader transparency obligations. Participants will also discuss how regulatory enforcement can be best organized in an increasingly crowded regulatory environment.