Happy Data Privacy Day! Since 2007, on this day we celebrate the signing of Convention 108: the first international privacy treaty. And what a great occasion to share five key trends that will determine the data privacy agenda for the year ahead.

  1. AI governance and risk management are the top priorities for privacy teams globally. To no one’s surprise, improving AI governance and managing the risks of AI and genAI share the top of the priority list of privacy teams, according to Forrester’s Business Privacy Survey, 2025. From running AI risk assessments to delivering AI training and leveraging privacy controls to ensure that AI risks are identified and mitigated, privacy teams have the processes and the expertise to help their organizations tackle the risks of AI. Privacy teams also need the right tool for the job. Privacy management software is a good place to start, with many vendors already providing support for AI governance and risk management. Do you want to know more? Check out The Forrester Wave™: Privacy Management Software, Q4 2025, for more details!
  2. Look beyond Europe for privacy enforcement. The time when top fines for privacy violations came only from Europe is gone! In 2025, the highest fine for violating privacy regulations came from Texas: a $1.375 billion settlement with Google for tracking and collecting consumer data without users’ knowledge. Additionally, US regulatory agencies issued 22 of the top 50 privacy fines in the past 12 months. EU privacy regulators remain the most prolific: They issued 335 fines in 2025, with 20 of them making the top 50 list. The UK, Nigeria, Peru, and South Korea issued the rest of the top privacy enforcement actions in 2025. If you want to know more about the world’s biggest data breaches and privacy abuses of 2025 and how they change the privacy agenda for 2026, stay tuned! We will soon publish our annual report on lessons learned from the world’s biggest data breaches and privacy abuses over the past year.
  3. Sixty percent of privacy organizations get extra funds from other teams for privacy investments. Forrester’s Business Privacy Survey, 2025 shows it clearly: Privacy budgets are growing. Seventy-five percent of global privacy decision-makers expect their budget to grow in 2026. But wait, there’s more! Sixty percent of our respondents also shared that, to fund privacy investments, they also use budget from other business units. Experience suggests that the IT budget and the security budget are the most likely places to get the extra funding. This makes total sense, as these teams are the most likely to collaborate with privacy on the definition and enforcement of privacy policies, especially in relation to data and cloud. If you want more insights into budgets and where peers in security and IT are investing their money, read the Budget Planning Guide 2026: Security And Risk.
  4. AI agents are coming, if not already here, and a unified, deeper view of data is a must. According to generative AI decision-makers in Forrester’s Q4 2025 AI Pulse Survey, 24% say that their firm is in production with agentic AI while 50% are piloting. Understanding what personal data is processed via an agentic AI system is a critical prerequisite, however. A surface-level understanding of data (e.g., “is this PII or not?”) will not cut it. Enriching classification with context such as data purpose, data lineage, and identity awareness helps enforce granular controls. It also provides a unified view of data across security, privacy, and data management for agentic AI security and governance. If you need help to automate sensitive data discovery and classification and bolster data security posture management, check out The Sensitive Data Discovery And Classification Solutions Landscape, Q4 2025.
  5. Privacy-preserving technologies are in demand for securing agentic AI. Privacy-preserving technologies are hot, protecting personal data to reduce risks while enabling its use. With the emergence of agentic AI, demand for these controls will grow further, but the focus is shifting away from privacy-filtering capabilities for controlling viewing and access, such as masking and tokenization. Analytics and AI data training use cases require controls that protect data during processing — such as homomorphic encryption, secure multiparty computation, runtime encryption, and synthetic data. If your team is not looking at these technologies already, it’s time to learn how they will support agentic AI security. To get started, read Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security.

Forrester clients can read more about data privacy and/or schedule a guidance session. Happy Data Privacy Day 2026!