Growing Concerns Over Privacy Budget Reductions
New research from ISACA, a global professional association dedicated to digital trust, reveals that 45% of privacy professionals in Europe believe their organisation’s privacy budget is underfunded. This marks an increase from 41% in 2024, with more than half (54%) expecting budgets to shrink further in 2025. The findings highlight growing concerns among privacy experts as organisations struggle to meet evolving regulatory demands and cybersecurity threats.
Lack of Confidence in Data Protection Efforts
Despite the General Data Protection Regulation (GDPR) being well-established in Europe, only 38% of professionals express confidence in their organisation’s ability to safeguard sensitive data. Many organisations still fall short in implementing Privacy by Design principles, with just 24% consistently practising this approach. As new regulations like the Digital Services Act and AI Act come into force, organisations failing to adopt comprehensive privacy frameworks risk compliance issues and potential financial penalties.
Staffing Shortages in Privacy Teams Persist
Staffing shortages remain a critical issue, with 52% of technical privacy teams in Europe reporting they are understaffed. While this marks a marginal improvement from 53% in 2024, retaining skilled privacy professionals continues to be a challenge. Approximately 37% of organisations struggle with staff retention, further exacerbating the issue.
Chris Dimitriadis, Global Chief Strategy Officer at ISACA, highlighted the increasing challenges in the privacy sector, stating, “As the threat landscape continues to evolve in complexity, privacy is becoming a sector that is not only difficult to operate in but also more critical. Two-thirds (66%) of the privacy professionals we surveyed said their job is more stressful now compared to five years ago. This stress is only worsened by continued underfunding. While organisations may see short-term financial savings, they are exposing themselves to significant long-term risks.”
The Benefits of Privacy by Design
European organisations that consistently implement Privacy by Design are more likely to have adequately staffed teams and reduced privacy skills gaps. Research shows that 43% of these organisations report appropriately staffed technical privacy teams, compared to 33% of organisations that do not implement Privacy by Design. Additionally, 58% of those practising Privacy by Design express high confidence in their technical privacy teams.
Organisations adopting this proactive approach are also investing in upskilling their workforce. More than half (56%) of European organisations that implement Privacy by Design have successfully reduced privacy skills gaps by training non-privacy staff for transition into privacy roles. In contrast, only 44% of organisations without this framework report similar progress.
Addressing the Privacy Skills Gap
A skilled workforce is essential for achieving Privacy by Design and ensuring regulatory compliance. However, the biggest skills gaps identified by European organisations include experience with various technologies and applications (62%), technical expertise (49%), and IT operations knowledge (45%).
To bridge these gaps, 47% of organisations offer training for non-privacy staff to transition into privacy roles. Industry experience remains a key factor in hiring decisions, with 95% of respondents valuing compliance and legal experience in determining a candidate’s qualifications. Additionally, 89% consider professional certifications important, whereas only 54% regard a university degree as a critical requirement.
Dimitriadis emphasised the importance of continuous training, stating, “Practising Privacy by Design and embedding privacy across an enterprise is crucial for long-term data protection. A comprehensive approach builds trust with stakeholders and safeguards organisations from emerging threats. However, this cannot be achieved without skilled privacy teams who feel prepared to address privacy challenges from a technological, business, and compliance perspective.”
The Future of Privacy Management
Organisations must take proactive measures to address privacy challenges, including investment in staff training and emerging privacy-enhancing technologies. By providing ongoing education in cybersecurity, data protection, and legal compliance, organisations can strengthen their privacy practices while mitigating stress for professionals in the field.
As privacy budgets continue to decline, organisations that fail to prioritise their privacy strategies may face increased security risks, regulatory penalties, and reputational damage. Those that invest in Privacy by Design and a skilled workforce will be better positioned to navigate the evolving digital landscape.