skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration


Two primary approaches are emerging in the GDPR compliance solution market: those that depend more on technology and those that depend more on existing organizational processes and workflows. The better approach, however, is a matter of debate.


  • GDPR, as a rule, is technology-agnostic. While technology is a necessary component in controlling and managing data, the regulation puts emphasis on repeatable, documentable processes driven by established human roles and responsibilities.
  • The landscape of vendors offering GDPR-related solutions is largely evolving into two camps: those that take a technology-based approach and those that take a process-based approach.
  • Technology-based and process-based solutions each have optimal applications. However, the most successful solutions will likely be those that successfully take advantage of aspects of both approaches, applying each for their respective strengths.

Features and Benefits

  • Compares the two predominant approaches toward GDPR compliance solution functionality currently being taken by technology vendors in the market.
  • Assesses the distinctions between technology-based solution approaches and process-based solution approaches in the GDPR compliance solution market.
  • Identifies key characteristics of the GDPR framework that shape the functionality of GDPR compliance solution offerings.
  • Identifies examples of real-world GDPR requirements that benefit either from either a technology-based approach or a process-based approach.
  • Analyzes the respective strengths of the technology-based and process-based solution approaches in the context of GDPR requirements.

Key questions answered

  • How have GDPR's requirements and general framework led to the development of two distinct "camps" of approaches in the compliance solution market?
  • In the GDPR compliance solution market, what are the distinctions between the technology-based solution approach and the process-based solution approach?
  • With regard to GDPR compliance, what are the respective strengths of the technology-based solution approach and the process-based solution approach?
  • Why is neither approach (technology-based or process-based) likely to be successful in isolation for fulfilling GDPR's requirements?
  • What qualities will ultimately define the broadest, most successful GDPR compliance solutions?

Table of contents

Ovum view

  • Summary
  • GDPR's technology-agnostic framework underscores process
  • Two camps emerge in the compliance solution landscape
  • Process and technology: utilizing their respective strengths


  • Further reading
  • Author

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now