Featured Topics

Privacy by Region

Browse Topics

Recently Added Resources

Top-10 operational impacts of the CPRA

This is a 10-part series intended to help privacy professionals understand the operational impacts of the California Privacy Rights Act, including how it amends the current rights and obligations established by the California Consumer Privacy Act. Read More

Tools and Trackers

The IAPP develops, maintains and houses a variety of tools to help members keep up with the rapid developments in privacy and their impact on business and the profession, from global privacy legislation comparisons to enforcement trackers and glossaries. Search All Tools US State Comprehensive Privacy Law ComparisonThe IAPP’s state law comparison tracker consists of proposed and enacted comprehensive privacy bills from across the U.S. to aid our members’ efforts to stay abreast of the chan... Read More

IAPP-FTI Consulting Privacy Governance Report 2020

View Report (PDF) This year’s “Privacy Governance Report” is the product of a partnership between the IAPP and FTI Consulting, our new sponsor for this year’s annual study that benchmarks the privacy profession. Now in its sixth year, this report takes a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe. It provides key metrics on ongoing compliance with core pieces of privacy legislation, including the E... Read More

Privacy Risk Study 2020

Published: December 2020 The U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose in their Form 10-K submissions potential risk factors to investors. Beginning in 2017, the IAPP studied these disclosures to assess not just whether companies have been disclosing personal data processing practices and privacy regulations as a risk, but also increasingly what business harms the organizations faced for getting privacy wrong. For the first several y... Read More

Top-5 operational impacts of Brazil's LGPD

This is a five-part series aimed at helping global privacy professionals better understand the operational impacts of Brazil's new General Data Protection Law. The series addresses the LGPD in its current form, taking into account that, once formed, the national data protection authority, the Autoridade Nacional de Proteção de Dados, is authorized under various articles of the law to issue guidance on interpretation and expand upon certain provisions. Contributors Caitlin Fennessy, C... Read More

Brexit Privacy Checklist

On Dec. 31, 2020, the Brexit transition period comes to an end. Unless parties can reach an agreement before the deadline, the U.K. will be considered a third country in the eyes of the European Economic Area member states. Here, we list some of the main items that companies need to check before the deadline. Read More

Infographic – Brazilian General Data Protection Law may require 50,000 DPOs

Brazil’s General Data Protection Law is now in effect. Much like the EU General Data Protection Regulation, the LGPD has extraterritorial applicability, meaning any organization processing personal data in Brazil must comply with the law irrespective of the company’s location. One of the LGPD’s requirements for such companies under Article 41 is that they must appoint a data protection officer to be “in charge of processing personal data.” Given the prevalence of data processing in today’s dig... Read More