Chief privacy officer salaries are on the rise, a new report from the International Association of Privacy Professionals claims, with U.S.-based professionals earning the most.

According to the IAPP's 2019 Privacy Professionals Salary Survey, American CPOs' median salary is $212,000 compared to $185,000 in the U.K. and $142,000 in the European Union. The global median salary for CPOs is $200,000 in 2019.

Privacy is just becoming more and more of a necessary skill set for a lot of companies. It's in great demand and whenever a skill set's in high demand that tends to command a higher salary,” said Barrett Avigdor, a managing director at Major, Lindsey and Africa. “Whenever a skill set is in demand, a higher salary.”

The cross-Atlantic salary gap could reflect different approaches to privacy professionals in Europe and the U.S. Fewer European respondents hold the CPO title than Americans, according to the IAPP's report, 10% in the U.K. and 8% in the EU compared to 17% in the U.S.

Privacy professionals in Europe were more likely to hold the data protection officer title, a role mandated at some companies by the EU's General Data Protection Regulation. Nearly 40% of European respondents held the DPO role, compared to 5% of U.S.-based privacy professionals.

DPOs' media global salary was $100,000, half of CPO's median salary. The IAPP's report said, based on those salaries, that “the DPO role is shaping up to be a relatively low- or, at best, mid-level compliance position rather than a leadership or executive role, like the CPO or lead privacy counsel.”

Lead privacy counsel earned a global median of around $183,000. U.S.-based privacy counsel earned a median salary of $190,000, U.K. and EU-based privacy counsel earned $179,000 and $107,000, respectively.

Median salaries for all privacy professionals, including counsel, CPOs and DPOs, is still highest in the U.S. at $150,000. European privacy professionals median salary came in at $100,000, including the U.K. This earnings gap could stem from different experience levels: American privacy professionals averaged 8.2 years of privacy work while EU and U.K. professionals averaged 6.6 years and 7.7 years, respectively.

American privacy professionals are also most likely to be part of their company's legal team. Half of U.S.-based privacy professions were based in legal departments, versus 38% in Europe and 27% in Canada. Almost 15% of U.S. privacy professional not in the legal department were part of the compliance team.

“I'm seeing more and more of those CPO roles filled by lawyers rather than purely IT people. And I think it's because so much of this is now driven by law,” Avigdor said. “It's not just … protecting the data, but complying with the laws related to the data.”

Europe's GDPR went into effect last May and, shortly after, California became the first U.S. state to pass a privacy law. U.S. legislators have held a series of hearings on a potential federal privacy law in recent months.

Fewer than 40% of European privacy professionals considered themselves part of legal. Globally, 42% of respondents said they held professional degrees such as an MBA, LLM or JD.

The IAPP's report found most privacy professionals, 63%, work in large cities, and 22% in smaller urban areas. More than one-fifth of U.S.-based respondents hail from California, with New York coming in second at 11%. Illinois, Texas, Massachusetts, New Jersey, Minnesota and Washington are also home to a significant number of U.S. privacy professionals.