Data processing systems for fulfilling data subject access requests and related methods
First Claim
Patent Images
1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving, by one or more computer processors, a data subject access request from a requestor comprising one or more request parameters, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor;
validating, by the one or more computer processors, an identity of the requestor based at least in part on the one or more request parameters;
in response to validating the identity of the requestor, determining, by the one or more computer processors, based on fulfillment constraint data, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor, wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining whether the data subject request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold time period;
in response to determining that the data subject access request is subject to one or more response fulfillment constraints, notifying, by the one or more computer processors, the requestor that the data subject access request is subject to one or more limitations, and taking at least one action based on the data subject access request and the one or more limitations, wherein the at least one action comprises denying the data subject access request, or requesting one or more processing fees prior to fulfilling the request; and
in response to determining that the data subject access request is not subject to one or more response fulfillment constraints;
(1) identifying, by one or more computer processors, the one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization, and(2) data using the one or more pieces of personal data to fulfill the data subject access request; and
updating the fulfillment constraint data, in computer memory, to reflect that the data subject access request has been made.
2 Assignments
0 Petitions
Accused Products
Abstract
Responding to a data subject access request includes receiving the request and validating an identity of the requestor. In response to validating the identity of the requestor, a computer processor determines whether the data subject access request is subject to fulfillment constraints. If so, then the computer processor notifies the requestor that the data subject access request is subject to one or more limitations and the computer processor takes action based on those limitations. Fulfillment constraint data is updated and maintained in a database or server.
-
Citations
27 Claims
-
1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
receiving, by one or more computer processors, a data subject access request from a requestor comprising one or more request parameters, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor; validating, by the one or more computer processors, an identity of the requestor based at least in part on the one or more request parameters; in response to validating the identity of the requestor, determining, by the one or more computer processors, based on fulfillment constraint data, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor, wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining whether the data subject request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold time period; in response to determining that the data subject access request is subject to one or more response fulfillment constraints, notifying, by the one or more computer processors, the requestor that the data subject access request is subject to one or more limitations, and taking at least one action based on the data subject access request and the one or more limitations, wherein the at least one action comprises denying the data subject access request, or requesting one or more processing fees prior to fulfilling the request; and in response to determining that the data subject access request is not subject to one or more response fulfillment constraints; (1) identifying, by one or more computer processors, the one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization, and (2) data using the one or more pieces of personal data to fulfill the data subject access request; and updating the fulfillment constraint data, in computer memory, to reflect that the data subject access request has been made. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
storing, by one or more computer processors, fulfillment constraint data in one or more databases or servers, the fulfillment constraint data corresponding to a plurality of data subject access requests from a plurality of requestors; receiving, by the one or more computer processors, a particular data subject access request from a particular one of the requestors, the particular data subject access request comprising one or more request parameters, wherein the one or more request parameters comprise one or more pieces of personal data associated with the particular requestor; retrieving, by the one or more computer processors, fulfillment constraint data associated with the data subject access request from the one or more databases or servers based on the one or more request parameters, wherein the fulfillment constraint data associated the data subject access request comprises at least one of;
a quantity of data subject access requests associated with the requestor within a threshold time period, a threshold quantity of data subject access requests within the threshold period of time, or a determination as to whether the quantity of data subject access requests associated with the requestor within the threshold period of time exceeds the threshold quantity of data subject access requests;taking, by the one or more computer processors, one or more actions based at least in part on the data subject access request and the fulfillment constraint data, the one or more actions being related to the one or more pieces of personal data associated with the requestor, wherein the one or more actions comprises denying the data subject access request or requesting one or more processing fees prior to fulfilling the request based at least in part on the data subject access request; and updating, by the one or more computer processors, the fulfillment constraint data in one or more databases or servers to store information associated with the data subject access request received from the requestor. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
receiving, by one or more computer processors, a data subject access request from a requestor, the request comprising one or more request parameters, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor; validating, by the one or more computer processors, an identity of the requestor based at least in part on the one or more request parameters; in response to validating the identity of the requestor, retrieving, by the one or more computer processors, fulfillment constraint data associated with the data subject access request from a third party repository server storing information regarding a plurality of data subject access requests from a plurality of requestors and a plurality of data subject access request sources, wherein the fulfillment constraint data comprises at least one of;
a quantity of data subject access requests associated with the requestor within a threshold time period, a threshold quantity of data subject access requests within the threshold period of time, or a determination as to whether the quantity of data subject access requests associated with the requestor within the threshold period of time exceeds the threshold quantity of data subject access requests;determining, by the one or more computer processors, that the data subject access request is subject to one or more response fulfillment constraints based on the fulfillment constraint data; in response to determining that the data subject access request is subject to one or more response fulfillment constraints based on the fulfillment constraint data; (1) notifying, by the one or more computer processors, the requestor that the data subject access request is subject to one or more limitations; and (2) denying, by the one or more computer processors, the data subject access request or requesting one or more processing fees prior to fulfilling the request by taking one or more actions based at least in part on the data subject access request. - View Dependent Claims (23, 24, 25, 26, 27)
-
Specification