The privacy job market exploded after the EU’s adoption of the General Data Protection Regulation (GDPR) in 2016. Jobseekers have been challenged by an increasingly complex legal landscape, highly demanding technical requirements, and new job responsibilities across AI governance, children’s online safety, and more. As our societal understanding of ‘privacy’ changes, so do the demands on privacy managers, and the privacy job market already looks radically different just ten years later.
Getting started in privacy
Most privacy managers come from legal, information technology, security, or general compliance backgrounds. Some practitioners begin their careers in privacy, while most make the jump from more generalized fields. Depending on how a company has structured their privacy team, they could be searching for a very unique set of skills.
The International Association of Privacy Professionals (IAPP) launched the Certified Information Privacy Professional (CIPP) credential in 2004, followed by the Certified Information Privacy Manager (CIPM) and the Certified Information Privacy Technologist (CIPT) in 2013 and 2014 respectively. While not all privacy managers hold these credentials, they are commonly accepted as indicators of privacy proficiency, and a great first step towards employment.
Shifting approaches to work
Across all industries, hiring is slowing. Despite increasing demand under international regulatory scrutiny and rising litigation, privacy is no exception. TruLegal, a staffing firm specialized in privacy and cybersecurity, has closely monitored changes to the privacy job market. In the 2025 AI Governance and Data Privacy Jobs Report, TruLegal analyzed over 50,000 open job listings and found that while full-time roles were slowing, contract work was thriving.
Contract work isn’t just an entry-level option, though entry-level privacy contract work tends to be longer term and stable. Companies also hire fractional Chief Privacy Officers and executive-level privacy professionals for short-term data governance and privacy-by-design projects. The privacy team at BDO USA has observed that while outsourced privacy management is trending strongest at midsize firms, even larger enterprises leverage fractional privacy models to meet more niche obligations.
As Jared Coseglia, CEO of TruLegal, explained, “Hiring managers and job seekers should embrace that contract work is the fastest and most effective way to bring them together.”
Adding salaried headcount can be a grueling and time consuming process, but contract work is comparatively simple to approve – and TruLegal found that most contract roles end up extending their term. “90% of the time the contract ends up doubled. If they say six months, it turns out to be twelve. If they say twelve, chances are it will convert to a full-time role,” Coseglia noted.
“More than 80% of TRU’s clients, which include over 250 of the Fortune 1000, are now using privacy contractors. But here’s the kicker: 42% of contractors were offered direct-hire conversion, and 95% accepted that conversion to FTE,” agreed Byron Johnson, Manager of Business Development & Recruiting at TruLegal.
For jobseekers open to trying fractional or short-term roles, contract work can be the key to rapid privacy career growth. Consider focusing on a specialization such as DPO services, privacy impact assessments, AI data governance implementation, privacy tech stack evaluations and/or implementation, AI bias audits, or otherwise.
An evolving skillset
Understanding privacy regulations and how to stay compliant is no longer sufficient. According to the IAPP Salary and Jobs Report 2025-26, about 35% of survey respondents were also responsible for AI governance. In 2024 alone, 45+ states introduced AI bills. Privacy managers are used to handling discrete and sometimes conflicting legislation, but AI is rapidly becoming the most complicated legal challenge a company could face. IAPP reported that hybrid roles across privacy and AI may also compensate at a much higher rate, making the challenge more attractive for young professionals.
TruLegal’s research found that jobs exclusively dedicated to AI governance are still pretty rare. When these roles appear, they are often fractional leadership roles reporting to a Chief Privacy Officer. Still, blended roles are becoming more common. Other times, AI governance is de facto accepted as an unnamed component of privacy. This is especially true at the executive level – TruLegal found that 90% of Chief Privacy Officers are involved in AI governance.
In Privacy Basecamp, our private Slack community, members have discussed how even before AI governance work bled into privacy compliance, privacy teams have begun hiring for more technical, not just legal, skillsets. Regulators have indicated that a well-written privacy policy is not sufficient, companies are responsible for confirming their privacy protections are working as expected. Privacy teams need employees who don’t just understand the law, they understand the organization’s tech stack. Between Shadow IT and now Shadow AI, this is not a simple proposition. Some privacy professionals have worked to develop their own basic coding skills, allowing them to create basic API commands for data deletions and more.
When privacy teams aren’t doing their own coding, they need strong relationships with technical teams. Take Sean Kellogg and Eric Lovell as an example – by translating legal requirements into technical terms, Kellogg and Lovell transformed Dexcom’s data privacy practice. Similarly, soft skills are integral to building buy-in and turning privacy-by-design into a practical reality.
What does all of this mean for the modern privacy jobseeker? Developing technical expertise, experience leading demanding interdepartmental projects, or growing specialization in AI governance could all be meaningful career boosters.
Growing into leadership
At some companies, there’s no way around a law degree when it comes to a privacy leadership position. It’s relatively common to see a General Counsel or Associate General Counsel that also holds a Vice President of Privacy or Chief Privacy Officer title for example. However, law isn’t the only path into privacy leadership. Individuals who hope to climb the ladder without pursuing a J.D. will find more opportunities by broadening their technical expertise and versatility in the security space.
Again, some businesses will turn to outside privacy consultants to handle more executive responsibilities. Karen Schuler, Head of Privacy, Data & AI Governance at BDO USA, explains, “Our teams are being hired to bridge [legal and technical] silos, create governance frameworks, and facilitate collaboration across departments.”
To break into executive work, privacy managers must prove they are able to stay current with the privacy landscape. Schuler outlines, “Thought leadership—whether through blogs, webinars, or speaking engagements—shows that you’re engaged with the latest trends and regulations. Sharing your insights not only helps others but also demonstrates your commitment to professional growth and innovation in the field.”
As part of these engagements, Schuler also recommends maintaining a portfolio of project-based work with tangible evidence for success. That means continuously documenting and sharing the success of efforts like privacy tech stack evaluations, AI governance frameworks, and risk assessments.
Final thoughts
Whether you’re just starting out in privacy or you’re a seasoned professional seeking your next leadership role, find career support in Privacy Basecamp, our slack community. This free resource includes:
- Study groups for Privacy & Privacy-adjacent certifications
- Weekly job posting round-ups, including hiring manager intros for roles in our network
- All of the information you need to stay current and competitive as a privacy job candidate
