Compliance Generation for Privacy Documents under GDPR: A Roadmap for Implementing Automation and Machine Learning
This work aims to help corporations and law firms automate GDPR compliance, an incremental improvement in legal tech.
This paper addresses the challenge of GDPR compliance for corporations and law firms by surveying existing automation research and operational challenges. It proposes a roadmap for compliance assessment and generation, breaking down compliance issues into tasks amenable to machine learning and automation.
Most prominent research today addresses compliance with data protection laws through consumer-centric and public-regulatory approaches. We shift this perspective with the Privatech project to focus on corporations and law firms as agents of compliance. To comply with data protection laws, data processors must implement accountability measures to assess and document compliance in relation to both privacy documents and privacy practices. In this paper, we survey, on the one hand, current research on GDPR automation, and on the other hand, the operational challenges corporations face to comply with GDPR, and that may benefit from new forms of automation. We attempt to bridge the gap. We provide a roadmap for compliance assessment and generation by identifying compliance issues, breaking them down into tasks that can be addressed through machine learning and automation, and providing notes about related developments in the Privatech project.