Data processing systems for processing data subject access requests
First Claim
1. A data subject access request processing system comprising:
- one or more data subject access request management servers;
a plurality of local storage nodes, each of the plurality of local storage nodes being physically located in a distinct geographic location;
one or more processers; and
memory, wherein the one or more processers are configured for;
receiving, from a remote computing device, at the one or more data subject access request management servers, a data subject access request for a data subject, the request comprising one or more request parameters;
identifying, based at least in part on the data subject access request, a particular local storage node of the plurality of local storage nodes;
routing the data subject access request from the one or more data subject access request management servers to the particular local storage node;
processing the request at the particular local storage node by identifying one or more pieces of personal data associated with the data subject, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization;
taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data;
receiving one or more data retention rules;
in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules; and
in response to archiving the one or more pieces of personal data, digitally storing metadata associated with the data subject access request.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.
-
Citations
18 Claims
-
1. A data subject access request processing system comprising:
-
one or more data subject access request management servers; a plurality of local storage nodes, each of the plurality of local storage nodes being physically located in a distinct geographic location; one or more processers; and memory, wherein the one or more processers are configured for; receiving, from a remote computing device, at the one or more data subject access request management servers, a data subject access request for a data subject, the request comprising one or more request parameters; identifying, based at least in part on the data subject access request, a particular local storage node of the plurality of local storage nodes; routing the data subject access request from the one or more data subject access request management servers to the particular local storage node; processing the request at the particular local storage node by identifying one or more pieces of personal data associated with the data subject, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data; receiving one or more data retention rules; in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules; and in response to archiving the one or more pieces of personal data, digitally storing metadata associated with the data subject access request. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented data processing method for processing a data subject within a data system in order to fulfill a data subject access request, the method comprising:
-
receiving, by one or more processors, from a data subject, a data subject access request; identifying, based at least in part on the data subject access request, a particular local storage node of a plurality of local storage nodes; routing the data subject access request to the particular local storage node; processing the data subject access request at the local storage node by identifying the one or more pieces of personal data associated with the data subject, wherein identifying the one or more pieces of personal data associated with the data subject comprises scanning one or more data inventories stored within a data system for the one or more pieces of personal data; in response to identifying the one or more pieces of personal data, at least temporarily storing the one or more pieces of personal data at the local storage node; providing access, to the data subject, to the one or more pieces of data at the local storage node; accessing one or more data retention rules; in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules; and in response to archiving the one or more pieces of personal data, digitally storing metadata associated with a completion of the data subject access request. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A computer-implemented data processing method for identifying one or more pieces of personal data associated with a data subject within a data system in order to fulfill a data subject access request, the method comprising:
-
receiving, by one or more processors, from a data subject, a data subject access request; determining, by one or more processors, based on the data subject access request, a location of the request; routing, by one or more processors, the data subject access request to one or more local storage nodes based at least in part on the location of the request; and processing, by one or more processors at the one or more local storage nodes, the data subject access request by identifying the one or more pieces of personal data associated with the data subject, wherein; identifying the one or more pieces of personal data associated with the data subject comprises accessing one or more data models defining a location of one or more data inventories stored within the data system for the one or more pieces of personal data; and in response to identifying the one or more pieces of personal data, taking one or more actions selected from the group consisting of; deleting the one or more pieces of personal data from the data system; modifying at least one of the one or more pieces of personal data and storing the modified at least one of the one or more pieces of personal data in the data system; and generating a report comprising the one or more pieces of personal data and providing the report to the data subject, wherein the method further comprises; accessing one or more data retention rules; in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules; and in response to archiving the one or more pieces of personal data, digitally storing metadata associated with a completion of the data subject access request. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification