Autonomous vehicles process a huge amount of data about the driver, or rather passengers of the vehicle, as well as about other persons (pedestrians and passengers of other vehicles). This is why the autonomous vehicles raise questions about the protection of personal data. In 2018 a new European data protection legislation came into force. The General Data Protection Regulation places new obligations on controllers of personal data and provides new rights to data subjects, which will relate to operations of autonomous vehicles and their infrastructure. The providers thereof will have to implement the principles of data protection legislation into their systems. In this context the personal data is not just data concerning the identity of the driver, a passenger or other persons, but any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or even due to a peculiar behaviour in the vehicle. The paper will focus on the new legal regulation in relation to the operation of autonomous vehicles.