A paper entitled ‘Demonstrating GDPR Accountability with CSM-ROPA: Extensions to the Data Privacy Vocabulary’ authored by Paul Ryan and Professor Rob Brennan at DCU received the Best Paper Award at the 23rd International Conference on Enterprise Information Systems (ICEIS) held in April 2021.
The creation and maintenance of a Register of Processing Activities (ROPA) are essential to meeting the Accountability Principle of the General Data Protection Regulation (GDPR). The authors evaluate a semantic model, CSM-ROPA, to establish the extent to which it can be used to express a regulator-provided accountability tracker to facilitate GDPR/ROPA compliance.
The research shows that the ROPA practices of organisations are largely based on manual paper-based templates or non-interoperable systems, leading to inadequate GDPR/ROPA compliance levels. The authors contrast these current approaches to GDPR/ROPA compliance with best practice for regulatory compliance and identify four critical features of systems to support accountability. A case study is conducted to analyse the extent to which CSM-ROPA can be used as an interoperable, machine-readable mediation layer to express a regulator-supplied ROPA accountability tracker.