GDPR News » IAPP Data Protection Congress – Brussels

Two days at the IAPP Data Protection Congress 2025 in Brussels. Here are the key takeaways that stood out for us.

Over the past forty-eight hours, Brussels gathered thousands of privacy, tech and policy professionals under one roof. AI governance, the Digital Omnibus proposal, data transfers, platform regulation, cyber resilience and children’s protection dominated conversations both on stage and in the hallways. Below is a selection of what resonated most.

1. GDPR and the AI Act are not in conflict.

Both the European Commission, DPA’s and AI Office representatives underlined that the two frameworks are complementary. The message was clear. Use the data you need, explain why you need it and justify it under GDPR principles. The AI Office also highlighted upcoming guidance and the availability of a help desk for organisations that need to navigate obligations.

2. The Digital Omnibus dominated informal discussions.

Beyond the official programme, the release of the Digital Simplification Omnibus on 19 November was the topic everyone debated. It introduces proposals that cover Data Protection, Cyber Security, and AI. Some measures promise anticipated clarity while others will likely trigger intense negotiation. Everyone is now watching what the Parliament and the Council will do next.

3. European tech sovereignty is back on the agenda.

Many sessions on tech sovereignty emphasised that Europe has the talent and the ingredients to compete globally, but risks continuing to rely on infrastructure and tools built elsewhere. Speakers called for a more coherent long term strategy, more demand for European solutions and a stronger alignment between economic policy and digital regulation.

4. Web scraping, vendor management, workplace AI and cross border transfers remain difficult issues.

Across multiple panels, organisations asked how to manage agents acting autonomously, how to govern AI infused services from vendors, how to deploy workplace AI responsibly and how to maintain global data flows in a fragmented regulatory landscape.

5. A powerful closing message.

The final keynotes reminded attendees that privacy, competition policy and digital regulation are increasingly intertwined. Europe must both protect rights and invest in the capabilities that allow innovation to flourish. Trust, accountability and responsible design remain the foundations of any sustainable digital strategy.

Two days of intense exchanges, practical insights and thoughtful debate. Thank you to the IAPP for bringing together such a strong community again.

If you attended, we would love to hear what stood out for you.