The Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) now intersect in EU digital law, and new European Data Protection Board (EDPB) guidelines explain how they work together. Providers of intermediary services must identify lawful bases for processing personal data, consider GDPR rules on automated decisions, and meet transparency obligations under both laws. They also must handle sensitive data carefully and minimize data when protecting minors. The DSA does not replace GDPR but complements it.
