Support activities for a leading credit institution in assessing the compliance of the internal regulatory framework on data governance with the European framework established by the GDPR and the AI Act. The intervention integrated legal analysis and operational assessment, including the mapping of data processing policies and procedures, the analysis of algorithmic flows, and the verification of consistency with the principles of transparency, proportionality, and accountability.