Ryan, Paul ORCID: 0000-0003-0770-2737, Crane, Martin ORCID: 0000-0001-7598-3126 and Brennan, Rob ORCID: 0000-0001-8236-362X (2021) GDPR Compliance tools: best practice from RegTech. In: International Conference on Enterprise Information Systems (ICEIS), 5-7 May 2021, Online. ISBN 978-3-030-75417-4
Abstract
Organisations can be complex entities, performing heterogeneous processing on large volumes of diverse personal data, potentially using outsourced
partners or subsidiaries in distributed geographical locations and jurisdictions.
Many organisations appoint a Data Protection Officer (DPO) to assist them with
their demonstration of compliance with the GDPR Principle of Accountability. The
challenge for the DPO is to monitor these complex processing activities and to
advise and inform the organisation with regard to the organisations demonstration
of compliance with the Principle of Accountability. A review of GDPR compliance software solutions shows that organisations are being greatly challenged in
meeting compliance obligations as set out under the GDPR, despite the myriad of
software tools available to them. Many organisations continue to take a manual
and informal approach to GDPR compliance. Our analysis shows significant gaps
on the part of GDPR tools in their ability to demonstrate compliance in that they
lack interoperability features, and they are not supported by published methodologies or evidence to support their validity or even utility. In contrast, RegTech
has brought great success to financial compliance, using technological solutions
to facilitate compliance with, and the monitoring of regulatory requirements. A
review of the State of the Art identified the four success features of a RegTech
system to be, strong data governance, automation through technology, interoperability of systems and a proactive regulatory framework. This paper outlines a
set of requirements for GDPR compliance tools based on the RegTech experience
and evaluate how these success features could be applied to improve GDPR compliance. A proof of concept prototype GDPR compliance tool was explored using
the four success factors of RegTech, in which RegTech best practice was applied
to regulator based self-assessment checklist to establish if the demonstration of
GDPR compliance could be improved. The application of a RegTech success factors provides opportunities for demonstrable and validated GDPR compliance,
notwithstanding the risk reductions and cost savings that RegTech can deliver and
can facilitate organisations in meeting their GDPR compliance obligations.
Metadata
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Event Type: | Conference |
Refereed: | Yes |
Uncontrolled Keywords: | GDPR; Compliance; Accountability; Data protection officer; RegTech |
Subjects: | UNSPECIFIED |
DCU Faculties and Centres: | DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing Research Initiatives and Centres > ADAPT |
Published in: | ICEIS 2020: Enterprise Information Systems. Lecture Notes in Business Information Processing (LNBIP) . Springer International Publishing. ISBN 978-3-030-75417-4 |
Publisher: | Springer International Publishing |
Official URL: | https://dx.doi.org/10.1007%2F978-3-030-75418-1_41 |
Copyright Information: | © Springer |
Funders: | Uniphar PLC., ADAPT, SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund. |
ID Code: | 25928 |
Deposited On: | 10 Jun 2021 14:20 by Vidatum Academic . Last Modified 10 Jun 2021 14:20 |
Documents
Full text available as:
Preview |
PDF
- Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
1MB |
Downloads
Downloads
Downloads per month over past year
Archive Staff Only: edit this record