The IAPP-FTI Consulting Annual Privacy Governance Report 2020
Take a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe with the IAPP-FTI Consulting Privacy Governance Report
Providing in-depth analysis of the data privacy landscape and how (and how well) corporate privacy teams are responding to its complexity, the report presents a complete snapshot of corporate data privacy today.
Click through our sample survey below to measure yourself against peers and then download a complimentary copy of the report to examine the data and its implications in depth.
Who Answered this Survey?
Respondent profile (business type, employees, revenue):
*Given that some respondents held more than one job title, the total adds to more than 100%.
Below is small sample of the hundreds of questions posed in the complete survey. Click your response to each question below to compare yourself against your peers.
How has the importance of privacy changed within your organization, if it has at all, in the wake of
- Much more important
- Somewhat more important
- Neither more nor less
- Somewhat less important
- Much less important
4 in 10 firms say privacy has become more important within their organization during the COVID-19 pandemic
It is not an overstatement to say the COVID-19 pandemic has reshaped daily life around the world. Neither would it be an exaggeration to say it has had an enormous impact on the privacy profession. In fact, COVID-19 has brought greater attention to privacy within many organizations, with more than 40% of respondents reporting that privacy has become more important within their organization in the wake of COVID-19, while only 5% said it has become less.
Has your organization conducted a privacy risk assessment or data protection impact assessment specifically with regards to the data collected from employees in the context of COVID-19?
Does your firm have at least one Data Protection Officer (DPO)?
- Have DPO
- Don't have DPO
- Outsource DPO role
The ranks of DPOs continue to swell
This year saw an increased presence of DPOs in the survey, in which about one in five respondents holds the title. Sixty-three percent of the firms surveyed have their own in-house DPO, with another 8% outsourcing the role. While most DPOs are currently mandated by the GDPR, the IAPP expects to see increases in the number of DPOs mandated by non-GDPR laws, such as Brazil’s LGPD, in the near future.
In the next 12 months, you expect your company’s privacy budget will…
- Stay the same
- Don't know
Take the good with the bad: Privacy staff and budget
Mean privacy spend is at $676,000 this year, up from $622,000 last year, an increase of about 8%. As was true of privacy staff sizes, larger organizations by total employees and company revenue tend to have significantly higher privacy budgets, as well. Indeed, for companies with annual revenues of $25 billion or more, their mean privacy budget is about $2 million.
Which of the following is the highest priority within your privacy program?
- Compliance with the EU GDPR
- Regulatory and legal compliance beyond the EU GDPR and CCPA
- Meet the expectations of business clients and partners
- Safeguard data against attacks and threats
- Compliance with CCPA
- Enhance or maintain company reputation and brand
The Priorities of Privacy Pros: GDPR, CCPA and Beyond
Issues of legal compliance remain at the heart of privacy professionals’ duties and responsibilities. Yet there is no single right way to approach compliance. Indeed, the data this year indicates privacy professionals are taking a variety of approaches in their pursuit of compliance with laws such as the GDPR, CCPA and LGPD. As was true in 2019, compliance issues remained front of mind, with 30% of privacy pros stating that compliance with the GDPR remained their top priority.
Interested in exploring the survey results and taking a deeper dive into the data and major survey themes such as:
- The pandemic’s specific effects on privacy departments
- Privacy budget changes and staffing resilience
- Approaches to and rates of compliance with GDPR, CCPA, and the growing number of privacy laws around the world
- Effects of the “Schrems II” decision on corporations’ data transfer mechanisms and processes?
Download the full report here or listen to FTI’s own privacy expert, Sonia Cheng, in conversation with survey author Müge Fazlioglu about survey results analysis as well as trends for 2021 and beyond.