Approaching One Year GDPR Anniversary, IAPP Reports Estimated 500,000 Organizations Registered DPOs in Europe
Portsmouth, NH, May 16, 2019 – According to new research, the International Association of Privacy Professionals (IAPP) estimates 500,000 European organizations have registered data protection officers (DPOs) within the first year of the General Data Protection Regulation (GDPR). According to a recent IAPP salary survey, the average DPO’s salary in Europe is $88,000.
“GDPR marked a sea change in organizations’ approach to privacy and data protection,” IAPP CEO Trevor Hughes said. “Companies have integrated data protection into their governance structures and embraced the demands for accountability in GDPR. Of course, just appointing a DPO isn’t enough. Organizations must ensure that DPOs are trained and qualified to address one of the defining tech policy issues of our time, protecting privacy and individuals’ data.”
The GDPR, which has been in effect since May 2018, requires certain companies and public sector entities processing personal information about consumers and employees to register a DPO who has “expert knowledge of data protection law and practices.” In 2017, the IAPP estimated the implementation of DPO requirements would create a need for at least 75,000 DPOs worldwide, but that has proven to significantly underestimate the scope of implementation. The IAPP’s latest research found that 376,306 organizations have already registered DPOs in just 12 of the 28 EU member states, leading to an estimate of a total of 500,000 DPO actual registrations across Europe.
The current assessment is based on data received from Austria, Bulgaria, Denmark, Finland, France, Germany, Ireland, Italy, the Netherlands, Spain, Sweden and the United Kingdom, which together account for about 80 percent of GDP of the European Economic Area (EEA). Based on data from this block, the IAPP approximated the number of DPOs in the other EEA countries, taking into account their relative GDP and total corporate registrations. Recognizing the different standard for DPO registrations in Germany, which already required appointment of DPOs before GDPR, German numbers were calculated separately. The German total of approximately 200,000 DPO registrations was extrapolated from data received from German states and added to the approximate EEA total (minus Germany).
The estimated 500,000 organizations that have registered DPOs across the EEA include both private sector and public sector organizations. Since organizations are permitted to use external DPOs who in turn may serve multiple organizations, the IAPP expects the number of actual DPOs to be lower than the total count of organizations.
In separate research, the IAPP surveyed members in Europe regarding salary and overall compensation. The results of this survey reveal that a DPO in Europe earns an average salary of $88,000.
About the IAPP
The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally. More information about the IAPP is available at iapp.org.