The General Data Protection Regulation (GDPR) is an EU regulation that became effective on the 25th of May 2018. It imposes a number of obligations on individuals and entities collecting personal data of EU residents, including, but not limited to, (i) implementing appropriate technical and organizational measures to ensure the security of the collected personal data, (ii) processing the personal data in a lawful manner, (iii) demonstrating their compliance with the GDPR, (iv) concluding data processing agreements with data processors (if any), and (v) reporting data breaches to the competent authorities.
While sole traders and other small businesses may be able to easily comply with the GDPR by hiring qualified professionals, large organizations may, in addition to external or internal expertise in the field of GDPR, need data privacy software that facilitates GDPR compliance and reduces the costs associated with it. The purpose of this article is to examine the state of the art of data privacy software and speculate about its future. (Think you don’t need to comply with the GDPR because you’re not based in Europe? Think again: GDPR: Do You Know if Your Organization Needs to Comply?)
The State of the Art of Data Privacy Software
There is an abundance of software applications that facilitate GDPR compliance. They can be categorized into six groups, namely, (i) applications for mapping data flows, (ii) applications for preparing GDPR-compliant privacy policies, (iii) applications for reporting data breaches, (iv) applications for collecting cookie consent, (v) applications for creating GDPR-compliance checklists, and (vi) other GDPR-related applications. Elaborating on each of the applications in the five groups is beyond the scope of this article. Instead, this article will examine one or more applications representing each group.