The IAPP-FTI Consulting Annual Privacy Governance Report 2020

Measure Yourself Against Peers

Interactive survey »

Download the Full Report

Download the PDF »

Listen to the Webcast

Recorded webcast »

Take a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe with the IAPP-FTI Consulting Privacy Governance Report

Providing in-depth analysis of the data privacy landscape and how (and how well) corporate privacy teams are responding to its complexity, the report presents a complete snapshot of corporate data privacy today.

Click through our sample survey below to measure yourself against peers and then download a complimentary copy of the report to examine the data and its implications in depth.

Who Answered this Survey?

Respondent profile (business type, employees, revenue):

B2C, 16%
B2B, 33%
Both equally, 51%











Respondent titles*:













*Given that some respondents held more than one job title, the total adds to more than 100%.

Interactive Survey

Below is small sample of the hundreds of questions posed in the complete survey. Click your response to each question below to compare yourself against your peers.

How has the importance of privacy changed within your organization, if it has at all, in the wake of COVID-19

  • Much more important
  • Somewhat more important
  • Neither more nor less
  • Somewhat less important
  • Much less important
  • Unsure
Somewhat more important, 29%
Neither more nor less, 50%
Somewhat less important, 3%
Much less important, 2%
Unsure, 3%
Much more important, 13%

4 in 10 firms say privacy has become more important within their organization during the COVID-19 pandemic

It is not an overstatement to say the COVID-19 pandemic has reshaped daily life around the world. Neither would it be an exaggeration to say it has had an enormous impact on the privacy profession. In fact, COVID-19 has brought greater attention to privacy within many organizations, with more than 40% of respondents reporting that privacy has become more important within their organization in the wake of COVID-19, while only 5% said it has become less.

Has your organization conducted a privacy risk assessment or data protection impact assessment specifically with regards to the data collected from employees in the context of COVID-19?

  • Yes
  • No
  • Unsure
Yes, 45%
No, 45%
Unsure, 9%

Despite COVID-19 Concerns, Firms Lag Behind on Assessments

Less than half of firms collecting employee data related to COVID-19 have conducted a privacy risk assessment.

Does your firm have at least one Data Protection Officer (DPO)?

  • Have DPO
  • Don't have DPO
  • Outsource DPO role
Have DPO, 63%
Outsource DPO role, 8%
Don't have DPO, 29%

The ranks of DPOs continue to swell

This year saw an increased presence of DPOs in the survey, in which about one in five respondents holds the title. Sixty-three percent of the firms surveyed have their own in-house DPO, with another 8% outsourcing the role. While most DPOs are currently mandated by the GDPR, the IAPP expects to see increases in the number of DPOs mandated by non-GDPR laws, such as Brazil’s LGPD, in the near future.

In the next 12 months, you expect your company’s privacy budget will…

  • Increase
  • Decrease
  • Stay the same
  • Don't know
Increase, 42%
Decrease, 9%
Stay the same, 38%
Don't know, 10%

Take the good with the bad: Privacy staff and budget

Mean privacy spend is at $676,000 this year, up from $622,000 last year, an increase of about 8%. As was true of privacy staff sizes, larger organizations by total employees and company revenue tend to have significantly higher privacy budgets, as well. Indeed, for companies with annual revenues of $25 billion or more, their mean privacy budget is about $2 million.

Which of the following is the highest priority within your privacy program?

  • Compliance with the EU GDPR
  • Regulatory and legal compliance beyond the EU GDPR and CCPA
  • Meet the expectations of business clients and partners
  • Safeguard data against attacks and threats
  • Compliance with CCPA
  • Enhance or maintain company reputation and brand
  • Other
Compliance with the EU GDPR 30%
Regulatory and legal compliance beyond the EU GDPR and CCPA, 24%
Meet the expectations of business clients and partners, 14%
Safeguard data against attacks and threats, 10%
Compliance with CCPA, 7%
Enhance or maintain company reputation and brand, 7%
Other, 8%

The Priorities of Privacy Pros: GDPR, CCPA and Beyond

Issues of legal compliance remain at the heart of privacy professionals’ duties and responsibilities. Yet there is no single right way to approach compliance. Indeed, the data this year indicates privacy professionals are taking a variety of approaches in their pursuit of compliance with laws such as the GDPR, CCPA and LGPD. As was true in 2019, compliance issues remained front of mind, with 30% of privacy pros stating that compliance with the GDPR remained their top priority.

Learn More

Interested in exploring the survey results and taking a deeper dive into the data and major survey themes such as:

  • The pandemic’s specific effects on privacy departments
  • Privacy budget changes and staffing resilience
  • Approaches to and rates of compliance with GDPR, CCPA, and the growing number of privacy laws around the world
  • Effects of the “Schrems II” decision on corporations’ data transfer mechanisms and processes?

Download the full report here or listen to FTI’s own privacy expert, Sonia Cheng, in conversation with survey author Müge Fazlioglu about survey results analysis as well as trends for 2021 and beyond.

Download Survey

Download the PDF »

Listen to the Webcast

Recorded webcast »

FTI Data Privacy Services

Learn more »