Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
As the last snowflakes of 2025 fall, I am honored to have participated in two December events: the Risk GCC conference in Dubai and the IAPP Pan-India KnowledgeNet.
Both forums revealed a shared momentum — of regulators and organizations moving beyond compliance stuffing — toward operationally sustainable stockings filled with governance, innovation and trust.
Risk GCC Dubai: A region ready to lead
Risk GCC shone like a festive star atop a regulatory tree, hosting digital governance leaders from finance, telecommunications, government and digital services in the bustling city of Dubai.
The Gulf Cooperation Council Region is experiencing a data winter wonderland marked not by cold, but by clarity and progress.
Key themes from panel discussions included:
- Artificial intelligence governance as a panettone built on ingredients of transparency and accountability.
- Cross-border data flows, reminiscent of three wise men navigating expansive terrain.
- Third-party risk management, akin to stuffing inside a turkey, often overlooked but core to the dish that is digital trust.
Risk GCC also underscored the increasingly coordinated supervisory approach adopted by the region's regulators. Tuning sectoral rules to baseline regimes enables the jingle bells of digital governance to be melodious rather than chaotic.
IAPP Pan-India KnowledgeNet: Capacity, community and collaboration
The Pan-India IAPP KnowledgeNet felt as lively as a New Year's countdown party.
India, turbo-charged with the rollout of its Digital Personal Data Protection Act, is witnessing the rise of a gingerbread ecosystem — an innovative, scalable privacy-tech market that is the icing on its success as the world's business process outsourcing hub.
Panelists took us through a sleigh ride of topics, including:
- DPDPA implementation, and the roles of data fiduciaries and processors.
- Consent management as the elves responsible for executing on Santa's privacy gifts.
- Children's data protection, akin to an angel safeguarding a manger.
Be it seasoned data professionals or first-time KnowledgeNet participants, every attendee contributed a perspective, a partridge in a pear tree, unique and essential to the overall landscape.
The sense of community felt like a large family gathering around a fireplace, sharing insights, experiences and strategies.
Common threads: Holism and the human element
Despite regional differences, two unifying themes emerged across both events.
Risk is now a board-level priority. C-suites are increasingly stepping into the digital risk and governance conversation. Senior leadership involvement, whether with the handling of customer consents, third-party risk management, or incident response, is no longer optional.
Human-centricity is the true North Pole. Audiences at both events were repeatedly reminded that privacy programs and processes must be built for people. Data governance, like mulled wine or warm cider, is best when thoughtfully crafted and well-balanced.
Looking ahead
As we prepare to greet 2026, let us take pause in the magic of the mistletoe.
Our regulatory foundations are rock solid, our ice-skating rink of talent is growing and cross-border cooperation guided by steadfast Ruldoph is strengthening.
So whether you are celebrating with a bustling feast, or a reflective walk through a pine forest, here's wishing all of our treasured community a merry season and a thoughtful, responsible and collaborative new year.
Charmian Aw, AIGP, CIPP/A, CIPP/E, CIPP/US, CIPM, FIP, is a partner at Hogan Lovells.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
