AI capabilities have developed exponentially in the past two years. In particular, advances in generative AI have resulted in this technology leaping to the top of board room opportunity and risk agenda and into the minds of the general public. However, it appears that the roll out of AI systems across organisations has slowed, in part due to complex privacy considerations. As data protection regulators continue to intervene, this trend will continue. As the privacy challenges arising from the use of AI systems crystalise and the regulatory focus increases, the Data Protection Impact Assessment will emerge as a crucial data protection tool.