
DORAS | DCU Research Repository

Explore open access research and scholarly works from DCU

GDPR Compliance tools: best practice from RegTech

Ryan, Paul (ORCID: 0000-0003-0770-2737), Crane, Martin (ORCID: 0000-0001-7598-3126) and Brennan, Rob (ORCID: 0000-0001-8236-362X) (2021) GDPR Compliance tools: best practice from RegTech. In: International Conference on Enterprise Information Systems (ICEIS), 5-7 May 2021, Online. ISBN 978-3-030-75417-4

Abstract
Organisations can be complex entities, performing heterogeneous processing on large volumes of diverse personal data, potentially using outsourced partners or subsidiaries in distributed geographical locations and jurisdictions. Many organisations appoint a Data Protection Officer (DPO) to assist them with their demonstration of compliance with the GDPR Principle of Accountability. The challenge for the DPO is to monitor these complex processing activities and to advise and inform the organisation with regard to the organisation's demonstration of compliance with the Principle of Accountability. A review of GDPR compliance software solutions shows that organisations are being greatly challenged in meeting compliance obligations as set out under the GDPR, despite the myriad of software tools available to them. Many organisations continue to take a manual and informal approach to GDPR compliance. Our analysis shows significant gaps on the part of GDPR tools in their ability to demonstrate compliance in that they lack interoperability features, and they are not supported by published methodologies or evidence to support their validity or even utility. In contrast, RegTech has brought great success to financial compliance, using technological solutions to facilitate compliance with, and the monitoring of, regulatory requirements. A review of the State of the Art identified the four success features of a RegTech system to be strong data governance, automation through technology, interoperability of systems and a proactive regulatory framework. This paper outlines a set of requirements for GDPR compliance tools based on the RegTech experience and evaluates how these success features could be applied to improve GDPR compliance.
A proof-of-concept prototype GDPR compliance tool was explored using the four success factors of RegTech, in which RegTech best practice was applied to a regulator-based self-assessment checklist to establish if the demonstration of GDPR compliance could be improved. The application of the RegTech success factors provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver, and can facilitate organisations in meeting their GDPR compliance obligations.
Metadata
Item Type: Conference or Workshop Item (Paper)
Event Type: Conference
Refereed: Yes
Uncontrolled Keywords: GDPR; Compliance; Accountability; Data protection officer; RegTech
Subjects: UNSPECIFIED
DCU Faculties and Centres: DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Initiatives and Centres > ADAPT
Published in: ICEIS 2020: Enterprise Information Systems. Lecture Notes in Business Information Processing (LNBIP). Springer International Publishing. ISBN 978-3-030-75417-4
Publisher: Springer International Publishing
Official URL: https://dx.doi.org/10.1007%2F978-3-030-75418-1_41
Copyright Information: © Springer
Funders: Uniphar PLC., ADAPT, SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.
ID Code: 25928
Deposited On: 10 Jun 2021 14:20 by Vidatum Academic. Last Modified 10 Jun 2021 14:20
Documents

Full text available as:

Ryan2021_Chapter_GDPRComplianceToolsBestPractic.pdf (PDF, 1MB) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader