Now in its fifth year, the IAPP-EY Privacy Governance Report has evolved over time, along with the privacy profession itself.
This year, almost as many of the 370 respondents to the survey hailed from the European Union as from the United States. This reflects the growth of the privacy and data protection profession in the EU in reaction to the GDPR. The GDPR has driven growth in privacy-pro ranks in the U.S., as well.
And yet, have we seen a leveling-off of business investment in privacy post-2018? Budgets and staffing are flat this year, even though GDPR compliance has not yet been widely achieved.
One GDPR responsibility most have met, in response to Article 37, is to appoint a data protection officer — nearly three out of four organizations subject to the regulation have appointed a DPO, whether obligated by the law or not. Indeed, one-third of all survey respondents hold the DPO title. Among those DPOs from the EU, most (69%) hold the top privacy role for their firm. They often have direct reporting lines to the board of directors, as well.