Design Challenges for GDPR RegTech
Paul Ryan, Martin Crane, Rob Brennan

TL;DR
This paper examines the challenges in designing GDPR RegTech solutions, highlighting gaps in current tools and exploring a prototype approach to improve compliance demonstration using RegTech best practices.
Contribution
It introduces a RegTech-based approach and prototype to enhance GDPR compliance demonstration, addressing interoperability and validation issues in existing solutions.
Findings
Current GDPR compliance tools lack interoperability features.
RegTech approaches can improve compliance demonstration.
Prototype shows potential for validated GDPR compliance.
Abstract
The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR…
