3 Critical Insights from the 2025 IAPP Global Privacy Summit

We've just wrapped up an incredible week at the IAPP Global Privacy Summit in DC, where we had the honor of being the title sponsor. The energy was fantastic as 5,000 privacy pros gathered to tackle our industry's biggest challenges.

Our booth was buzzing with activity! So many of you stopped by for demos, added your thoughts to our Privacy Vision Board, grabbed a fresh headshot, or snagged one of our popular tote bags and stuffed dogs (which seemed to be everywhere by day two!).

A personal highlight was watching our CEO Ben Brook take the main stage to introduce keynote speaker Hans Peter Brøndmo. Ben captured what many of us were feeling – that privacy is evolving at warp speed in the age of AI. As he put it, "The conversations we were having even last year feel outdated compared to the challenges and opportunities right in front of us now." With AI reshaping discovery, creativity, and how we work, our community is right at the center of this transformation.

Building the AI governance plane while flying it

The most prevalent theme throughout the summit was how companies are approaching AI governance frameworks. Privacy leaders across the Fortune 500 consistently expressed that they are in many ways "building the plane as they're flying it" when it comes to managing AI risks and compliance.

During our panel, “Regulation vs. Reality–Bridging the AI Governance Gap”, Transcend’s Field Chief Privacy Officer, Ron De Jesus, led a discussion with privacy leaders including Idriss Kechida from OpenAI, Match Group’s Brandon Kerstens, and Sonia Siddiqui of Kohler Co., exploring the intersection of AI regulatory requirements with practical operational needs.

They broke down implementation into three practical steps: respond to regulations by understanding requirements and adapting your existing infrastructure, address business needs by being honest about knowledge gaps and hiring strategically, and focus on concrete deliverables like expanded DPIAs and clear documentation. The panelists emphasized that even privacy pros don't need to have all the answers right away–building effective AI governance is a journey that leverages what you already know while acknowledging where you need help.

"What's encouraging is that privacy professionals aren't starting from zero," noted one audience member. "The foundational work we've done in privacy governance—from policy development to risk assessment frameworks—provides a strong blueprint for AI governance."

This practical experience is proving invaluable as organizations race to establish guardrails that both protect individuals and enable innovation.

Find the full slide deck here.

Migrating from legacy privacy tools

A second theme emerged around technology transformation. Privacy executives are increasingly vocal about their frustration with legacy privacy management tools that fail to meet current demands.

"We're seeing a significant shift in how privacy leaders approach technology decisions," shared Ron De Jesus in a second panel, “How to Lose Your Privacy Tech in 10 Days”, moderated by Alan Wilemon of Kirkpatrick Price, alongside Adaora Amankwah of Yum! Brands, and Jeannette Gunderson of Worldpay. "There's no longer patience for manual, ticket-based systems that require constant maintenance and configuration changes to keep pace with regulatory developments."

What's driving this push for better tooling? We heard repeatedly:

• The need for solutions that scale alongside growing data complexity and regulatory fragmentation
• A desire for automation that reduces manual work and minimizes human error
• Integrations that connect privacy operations with broader data governance

The challenge many leaders face is building a compelling business case for migration. Privacy leaders are actively seeking and sharing metrics that demonstrate ROI, particularly around:

• Cost savings from reduced manual effort
• Improved efficiency through automation
• Risk reduction through more comprehensive coverage
• Operational improvements measured in time-to-completion

"At the board level, money talks," as one privacy executive candidly put it. "We're getting better at speaking that language to secure the resources we need for modern privacy operations."

Find the full slide deck here.

From blocker to business enabler: Demonstrating privacy's value

Perhaps the most transformative conversations centered on privacy's evolving role within today’s enterprise. Privacy teams across industries are actively working to reposition themselves as business enablers rather than compliance gatekeepers.

Our team had multiple conversations across the three days that explored effective ways to partner cross-functionally and demonstrate privacy's contribution to key business initiatives. From supporting international expansion and enabling responsible AI adoption, to accelerating product innovation and powering customer engagement and loyalty through growth and marketing campaigns, privacy leaders are repeatedly finding themselves as key conduits to privacy-powered growth.

"We're seeing a mindset shift from 'can we do this?' to 'how can we do this responsibly?'" explained Transcend’s Ben Brook. "The reframing positions privacy as a strategic partner rather than a roadblock."

Metrics again emerged as critical to this transformation. From SLAs around internal data processing, access to first party user data, or consumer trust statistics, leading teams are exploring ways to demonstrate their impact in driving privacy-first business innovation.

Looking ahead

As we reflect on these takeaways from privacy’s marquee event, it's clear that the pace of change in privacy is showing no signs of slowing. Leaders are embracing new challenges, demanding better tools, and strategically positioning privacy as a business enabler–all against the backdrop of rapid AI developments.

The most successful privacy pros are those who can balance technical expertise with business acumen, applying their expertise to drive organizational impact while advocating for consumer protections. As Ben emphasized in his remarks,

We're grateful to everyone who took the time to connect with us at GPS 2025!! Whether we had a conversation at our booth, connected over drinks at our Wicked-themed Defyning Privacy afterparty, or simply exchanged ideas during one of the many sessions, these interactions continue to inform and inspire our work.