Ensuring data compliance, with its many moving parts is a constant challenge. Our latest survey of data protection and compliance professionals reveals the pressures teams face today, the practical realities of their work, and the emerging issues likely to shape the next few years.

The Day-to-Day Challenges of Compliance

Keeping up with changing regulations remains the top concern for many professionals, closely followed by managing employee awareness and training. Yet beyond regulations themselves, the practical execution of compliance tasks can be even more demanding. Subject Access Requests (SARs) emerged repeatedly as a significant strain on time, with one respondent noting:

“DSARs are still very manual and time-consuming.”

Other tasks that consume substantial resources include Data Protection Impact Assessments (DPIAs), contract reviews, breach reporting, staff training, and updating Records of Processing Activities (RoPA). Many professionals described their work as reactive rather than strategic:

“Limited budget and resources means I cannot focus on long-term priorities — just fire fighting.”

These insights highlight that compliance is not just about staying current with legislation; it’s about managing complex processes, coordinating across teams, and embedding accountability into daily operations.

Strained Resources and Confidence Levels

Resource constraints impact not only workloads but also confidence. When asked how confident they’d be demonstrating compliance to the ICO, just 16% felt “very confident,” while nearly half were only “somewhat confident.” Respondents highlighted that heavy workloads often leave little time for strategic oversight, contributing to uncertainty around regulatory readiness.

Opportunities to Make Compliance Easier

Survey participants emphasised the need for additional resources, clearer guidance, and better tools. More than 60% identified extra staff as the most helpful improvement, followed by clearer guidance from regulators (54%) and improved technology (42%).

Open responses also pointed to emerging pressures, particularly around AI adoption, data retention management, and global privacy changes:

“AI is an extremely useful tool but also extremely dangerous for future changes…companies that don’t invest now will be caught out.”
“Continual awareness and accountability. If everyone understood their responsibility for other people’s data, it would go a long way to being more compliant.”

Professionals recognise that human expertise, clear governance, and technological support must work together to manage both current and future compliance risks.

Emerging Challenges on the Horizon

Looking ahead, respondents expect new pressures to compound existing challenges. Increasing SARs, the uptake of AI and automated decision-making tools without safeguards, cross-border data sharing complexities, and ongoing resource constraints were all highlighted as critical issues. Several respondents also flagged reputational risks stemming from failure to keep pace with evolving legislation.

These emerging trends underscore the importance of proactive planning, continuous training, and a culture of accountability. Compliance teams that invest in these areas will be better equipped to navigate the shifting landscape of data regulation.

From managing time-intensive SARs to preparing for AI-driven compliance challenges, data professionals are constantly balancing immediate operational needs with longer-term strategic priorities.

Whilst this article summarises the insights gained from his years survey we will be sharing blogs, guides, experience and insights over the coming weeks that delve in to some of these topics in more detail. To find out how the ProvePrivacy platform can help you manage and monitor data protection compliance get in touch.