I’m back from an incredible few days at IAPP Data Protection Intensive UK 2025 in London, and I couldn’t be more energized by the conversations, insights, and connections made throughout the event. With 1,000+ attendees and 100+ expert speakers, this year’s conference was packed with thought-provoking discussions on AI governance, data lineage, and the evolving privacy landscape.

Key Themes from Privacy Leaders

Here are the 3 key themes that emerge from my conversations with Privacy leaders:

• The Privacy community is hungry for fresh perspectives and innovative approaches to solving common issues. The status quo is no longer sufficient and Excel spreadsheets, manual processes or first generation tools for Data Mapping, ROPAs and Third Party Risk Management just won’t do anymore. People want to move away from low value-add repetitive tasks, and onto higher priority, value driving initiatives.
  
  
• Privacy, security, and governance teams feel the need to shift from simple gatekeepers to catalysts for innovation. A compliance focused, regulation only, top-down approach is insufficient, particularly when in the AI space, regulation is seen as a barrier to innovation. A technology first, bottom-up approach is becoming increasingly preferable, not least because of scalability concerns, and the need to do more with less.
  
  
• AI is on everyone’s mind. The AI revolution isn't a distant horizon; it's here, now. Every organization is grappling with its implications. Early implementations are starting to produce valuable lessons, if not yet valuable results. A key theme is that in a world where everyone has access to the same handful of models (be they Co-pilot, ChatGPT or Gemini) high-quality, unique data is the real competitive advantage.

The Evolving Landscape of AI Governance

I also attended a few keynote sessions as well as panel conversation. This is a selection of some of the points that stuck with me:

• The global landscape of AI governance remains dynamic, with different jurisdictions adopting varied approaches to balance innovation and regulation. 
• Most people agree there is a clear trend towards deregulation in the US, while in Europe the situation is more nuanced, with some indications of potential regulatory reassessment. 
• The UK is attempting to carve out a "third way" in AI governance, positioning itself between the EU's risk-averse approach and the US's more accelerationist philosophy. It is important to note that these changes are recent and their full impact is yet to be seen. 

However, for multinational companies operating across jurisdictions, all this just means more complexity to stay on top of. 

‍

Emerging Trends in AI, Privacy, and Automation

There are encouraging signs that more DPOs are starting to have their own budget, separate from the broader legal team's. Still, nobody is under any illusions that this budget will become generous any time soon. Privacy teams continue to be lean. True automation of the various operational tasks, and consolidating siloed solutions into “single pane of glass” platforms is emerging as a driving trend.

I particularly enjoyed Susie Alegre’s talk, as part of the closing general session, in which she explored the impact AI may have on our fundamental human rights, and the ethical dilemmas of emerging technologies. Ms. Alegre offered a reminder to the Data Privacy and Protection Professionals in the room that AI is not magic, it doesn’t really live “in the cloud”, it is not above the law and that “it’s all in the data”.

I couldn’t have put it better.

Want to learn more about how Data Journeys can get your cross-functional team on the same page and turn AI risk into AI trust? Reach out to us and see how our platform can help you safely and responsibly accelerate AI adoption for your company.