Compliance Generation for Privacy Documents under GDPR: A Roadmap for Implementing Automation and Machine Learning

TL;DR

This paper presents a roadmap for automating GDPR compliance assessment and document generation, focusing on corporate and legal firm perspectives, by identifying tasks suitable for machine learning and automation.

Contribution

It shifts the compliance focus from consumer-centric to corporate and legal agents, providing a structured approach to automate GDPR compliance tasks.

Findings

Survey of current GDPR automation research

Identification of compliance tasks suitable for automation

Roadmap for implementing machine learning in compliance processes

Abstract

Most prominent research today addresses compliance with data protection laws through consumer-centric and public-regulatory approaches. We shift this perspective with the Privatech project to focus on corporations and law firms as agents of compliance. To comply with data protection laws, data processors must implement accountability measures to assess and document compliance in relation to both privacy documents and privacy practices. In this paper, we survey, on the one hand, current research on GDPR automation, and on the other hand, the operational challenges corporations face to comply with GDPR, and that may benefit from new forms of automation. We attempt to bridge the gap. We provide a roadmap for compliance assessment and generation by identifying compliance issues, breaking them down into tasks that can be addressed through machine learning and automation, and providing notes about related developments in the Privatech project.