Privacy programs have expanded in size and budget over the past year, the recently released IAPP-EY Annual Privacy Governance Report 2018 found. This expansion was due in large part to the GDPR, even though more than 50% of survey respondents reported they were not yet fully compliant and one in five stated they will never be GDPR compliant. While many companies have appointed DPOs, certain GDPR provisions have proved particularly challenging. Rita Heimes, IAPP research director and DPO, discussed some of these findings and provided additional survey insights to the Cybersecurity Law Report. See also “EY Global Data Analytics Survey Finds Lack of GDPR Preparedness and Need for Cross-Functional Collaboration” (Mar. 28, 2018).