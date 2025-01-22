Over 40% of European privacy professionals believe their organisations are not putting sufficient money behind data privacy initiatives, and 54% expect to get less money to play with during 2025, according to research from tech governance and digital trust association Isaca.

Even though the General Data Protection Regulation (GDPR) in Europe, and its UK equivalent, came into force in May 2018, Isaca also found that only 38% of European professionals were confident in the ability of their organisations to safeguard sensitive customer and employee data.

Isaca also warned that only 24% of European organisations were adhering to privacy-by-design principles, and many risked running afoul of GDPR and other new European Union (EU) frameworks and regulations – the AI Act and Digital Services Act, to name but two.

“As the threat landscape continues to evolve in complexity, privacy is becoming a sector which is increasingly difficult to operate in, but also more critical,” said Isaca global chief strategy officer Chris Dimitriadis.

“Two-thirds [66%] of the European professionals working in privacy roles who we spoke to said their job is more stressful now compared to five years ago. This is only being exacerbated by continued underfunding. While companies may be making a short-term financial gain, they are putting themselves at long-term risk.”

The issues businesses across Europe now face are compounded by understaffing, the report found, with 52% of technical privacy teams unable to fill their vacant seats, a marginal improvement of just 1% on last year’s report.

Respondents to the study also said they were struggling to retain staff once seated.