A busy quarter at the intersection of privacy, AI governance and regulatory change.
The past three months have been among the most energising in Pembroke Privacy’s journey. From Washington D.C. to Bengaluru, Mumbai and Dublin’s Blackhall Place, the team has been at the heart of the conversations shaping the future of data protection and AI governance, and we are delighted to share some highlights with you.
IAPP Global Privacy Summit 2026 – Washington D.C.
Perhaps the quarter’s most significant highlight was the IAPP Global Privacy Summit in Washington D.C., where Kate Colleary, in her role as IAPP Country Leader for Ireland, conducted the first public interview with Niamh Sweeney, Ireland’s newly appointed third Data Protection Commissioner. The session, which drew a packed room of international privacy professionals, covered Commissioner Sweeney’s priorities for the DPC in 2026 and beyond, including her approach to managing a 50% increase in complaints, the complexity of ongoing large-scale investigations, and the DPC’s careful exploration of AI tools to improve regulatory efficiency.
Commissioner Sweeney was candid about the enforcement landscape: of the 15 large-scale inquiries concluded to date, 13 are in active litigation, a reflection of Ireland’s common-law system and its demands for robust judicial scrutiny. She was equally clear that corrective measures, requiring changes to product design and mandating compliance reports, are often more impactful than fines alone. For organisations operating under GDPR, the message could not be clearer: regulatory expectations are rising, and so is enforcement.
The Summit itself was a remarkable gathering of minds. Keynotes from Salman Rushdie, Maya Shankar and Prince Harry, who demonstrated a thoughtful and deeply personal understanding of the right to privacy, set a tone that was both intellectually rigorous and profoundly human.
| “For organisations operating under GDPR, the direction is clear: expectations are rising — and so is enforcement. Strong data protection is no longer just about compliance. It is a cornerstone of trust and reputation.” |
IAPP Delegates Tour – India & the AI Impact Summit, Delhi
Prior to the Global Summit, Kate represented Ireland on the IAPP Delegates Tour of India, in the lead-up to the AI Impact Summit in Delhi. The tour included KnowledgeNet sessions with local privacy professionals in Bengaluru and Mumbai, where Kate joined a panel sharing a European regulatory perspective on digital governance. The energy and expertise of India’s privacy and technology community was striking, a reminder, if one were needed, of the truly global nature of the challenges we are all navigating.
While away, Kate was also honoured to be nominated in the Women in Digital category at Ireland’s National Digital Awards, a recognition that belongs as much to the entire Pembroke Privacy team as to any individual.
CMG Events – AI, GDPR & High Risk Processing
Closer to home, the Pembroke Privacy team was well represented at CMG Events’ data protection conference, with Kate chairing the day and a session delivered on AI, GDPR and High Risk Processing, equipping Data Protection Officers with the practical frameworks they need to maintain control in 2026. It is exactly the kind of applied, practitioner-focused expertise that Pembroke Privacy brings to every engagement.
Law Society of Ireland – New Data Protection & AI Governance Resources for Solicitors
In a project we are particularly proud of, Pembroke Privacy partnered with the Law Society of Ireland to develop a suite of practical data protection and AI governance resources for solicitors’ firms across Ireland, part of the Law Society’s new Practice Essentials initiative, designed to help smaller practices manage the business of law in a time of rapid transition. Drafted by the Pembroke team, including Charlotte Waldron and Karen Barreto CIPP/E, our contributions include a comprehensive GDPR guide for small firms, a Standard Operating Procedure for handling Data Subject Rights Requests, and an AI Governance Policy. A further set of resources will follow in a second release.
Speaking at the launch, Kate highlighted that Data Subject Access Requests are causing real difficulty for small practices, and that having a clear, workable procedure in place is no longer optional. She also struck an optimistic note: AI represents a genuine opportunity for smaller firms to access capabilities that were previously available only to larger organisations, and those who approach it deliberately rather than reactively will be best placed to thrive.
The launch was covered in the Law Society Gazette, and the full Practice Essentials suite is now available to download from the Law Society’s website. For Kate, who trained at the Law Society, returning to Blackhall Place in this capacity was a deeply personal milestone, and a reflection of how far the profession has come in recognising that data protection and AI governance are not niche technical concerns, but core business imperatives for every practice.
Looking Ahead
The regulatory environment continues to evolve at pace. With the DPC signalling a new era of enforcement, the EU AI Act moving into implementation, and organisations in every sector grappling with the governance of AI systems, the need for clear, expert, and commercially grounded advice has never been greater.
At Pembroke Privacy, our mission remains what it has always been: to make the complex clear. Whether you are reviewing your GDPR framework, preparing for regulatory scrutiny, or building an AI governance strategy fit for 2026 and beyond, we would love to hear from you, or indeed from anyone you think we might be able to help.