IAPP: Simplified EU Digital Rules Could Help Refine Privacy, Governance Approaches
European Commission simplification efforts could help organizations boost compliance and make meaningful changes to their digital governance structures, IAPP officials told us Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Their comments come as IAPP research found that many organizations are concerned about their ability to track and comply with what they perceive as an increasingly complex number of EU digital laws and regulations and adapt their governance structures to comply with them, IAPP said in separate reports.
Expected Nov. 19, the Digital Omnibus Package "could create a real opportunity to optimize compliance approaches," IAPP Managing Director, Europe Isabelle Roccia, said in an email. Many organizations' attention now is on addressing the interplay between digital governance domains more holistically, Roccia added. A draft of the Package was leaked recently ([see Ref:2511100006]).
Streamlining some requirements that cut across laws "would embrace the current trend" of moving away from a siloed approach to compliance and governance, she said.
If enacted, the proposals could help organizations, particularly smaller businesses, make "meaningful changes" to their privacy regimes and, more broadly, digital governance practices, emailed IAPP Director of Research & Insights Joe Jones.
A major consideration for many, however, will be the extent to which they already have well-established governance programs, which could be hard to unpick and redesign, Jones said. But the simplification proposals and any supporting regulatory guidance on how to make sense of the proposals, "will be eagerly anticipated."
There are now more than 100 EU laws relating to digitization, many of them interacting and intersecting with one another, the IAPP noted in its October EU Digital Laws Report 2025. While most privacy professionals said they see regulation as helpful to their organization's mission, just one in five said they're fully confident in their ability to comply with the AI Act, Digital ServicesAct, Digital Markets Act, Data Governance Act (DGA), Data Act and NIS2 (Network and Information Security) Directive.
In addition, the report found professionals want to see more formal mechanisms for cooperation and coordination among lawmakers and operators. Groups such as the European Data Innovation Board, created by the DGA, could serve as a template for partnerships among national authorities, EU institutions and bodies, academia, research institutes, non-governmental organizations and trade and business associations, IAPP said.
A survey of more than 600 digital responsibility leaders and practitioners around the world showed that many organizations are "moving away from siloed approaches" to privacy, AI, cybersecurity and data governance, IAPP's November 2025 report on organizational digital governance noted.
Job titles and duties are expanding to reflect the convergence of privacy, cybersecurity and AI, with companies creating roles such as chief privacy, AI and data responsibility officer and chief digital safety officer, the report noted.
Respondents to the IAPP survey identified privacy and data protection as the most significant risks they face (58%), with AI, third-party/vendor risks and lack of resources following.
Organizations see regulation as good for innovation and business outcomes and digital governance as a driver of innovation, IAPP said.
Among the trends AI development is driving in the privacy profession are higher salaries for staff with digital governance responsibilities, an August IAPP survey found (see 2508050014).