Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.



Resource Center / Reports and Research Articles / Organizational Digital Governance Report

Organizational Digital Governance Report 2025

This report provides insight on the extent to which organizations are defining, designing and deploying digital governance programs and how they are doing so.

Published: November 2025

Contributors:

Joe Jones
Saz Kanthasamy
Brandon LaLonde

View Report (Members-only)View Infographic (PDF)

Since 2015, the IAPP has surveyed the growing global community of professionals to determine the state of privacy governance within organizations. The unrelenting and dynamic growth of digital technology has brought with it a developing, broadening and consequential aperture through which digital technologies are to be governed.

It is no longer sufficient to view digital organizational governance within the siloed context of privacy. AI governance, online safety and cybersecurity — just to name a few domains — are also crucial.

The interplays and intersections between these domains from a regulatory, societal, technological and market perspective drive how organizations approach digital governance.

Recognizing this, the IAPP published a report in 2024 focused on organizational digital governance and coined the term "digital entropy." We sought to determine the extent to which organizations were feeling the effects of an increasingly entropic digital governance environment and how they were responding. The 2024 report documents how organizations leveraged and evolved already-established governance structures and were beginning to integrate several different digital domains in response.

The 2025 governance survey sought responses from the IAPP's global membership base to a 74-question survey over the course of eight weeks from April to June 2025. Questions sought to elicit information on the extent to which organizations are defining, designing and deploying digital governance programs and, in practical terms, how they are doing so. More than 600 individuals from 45 countries and territories responded.

The IAPP will be publishing additional content specific to the governance structure of individual domains, such as privacy governance, that will more closely examine topics such as team size, budget, recruiting and use of technology.

Key takeaways

Classifying the organizational digital risk environment

The risk environment for digital technologies remains inherently complex, ever changing and, in the absence of proactive risk management, difficult to navigate.

Interconnected risks are the new normal

Continuous innovation in the digital environment, whether it be the proliferation of Internet of Things devices or the rise of intuitive generative and agentic AI models, has shifted the way organizations perceive and operationalize their risk mitigation approaches. Today's risks span multiple domains and siloed approaches may prove to be fundamentally inadequate in addressing the new, interconnected and complex digital risk environment.

Digital governance approaches are forming

Key to supporting an innovative mindset from within the governance function is also the need for the organization to mature its approach to governance. While technologies may have been rapidly adopted by organizations, the maturity of digital governance within organizations may slow its loftier digital ambitions. This year's survey sought to understand the maturity of organizations' approach to digital governance.

Good digital governance matters regardless of the external regulatory environment

The pace of — and the increasing uncertainty surrounding — digital regulation has posed complex challenges for those in the digital governance space. One such challenge is regulation.

An effective digital governance approach may help accelerate — not hinder — innovation within an organization

An increasingly outdated view of governance is that it is focused on risk management and mitigation, regulatory compliance and exerting control; this perspective often treats governance as a brake to slow down or stop initiatives to create, innovate and adopt digital technologies. Innovation is now a critical driver for organizations to remain competitive, resilient and sustainable. The rapid pace of change, market disruptions and unforeseen events all require a novel approach. Those that fail to innovate risk being left behind, chasing shadows and, in the worst case, disappearing altogether.

View Report (Members-only)

At-a-Glance Infographic

This at-a-glance infographic presents key data points from the report, with a focus on responding to deregulation.

View Infographic (PDF)

Additional resources

Tags: Big Data, Infosecurity, Privacy Business, Privacy Law, Privacy Operations Management, Privacy Research, Security Operations Management, Westin Research Center

Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 3

Submit for CPEs

Related Stories
Privacy Technology
Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy technology and privacy by design....
The Industry of Privacy
This page offers research on the industry of privacy from the IAPP and others to help you take stock, compare your practices to those of others, justify the need for privacy professionals within your organization and obtain budget benchmarks....
AI Governance in Practice Report 2024
This report aims to inform the growing, increasingly empowered and increasingly important community of AI governance professionals about the most common and significant challenges to be aware of when building and maturing an AI governance program....
Read More
The Intersection of Privacy and AI Governance
This resource includes a table and Venn diagram that provide an understanding of the intersection of privacy and AI governance, revealing numerous similarities, differences and valuable insights about each area's impact on the other....
Read More