Data processing systems for fulfilling data subject access requests and related methods
First Claim
1. A non-transitory computer-readable medium storing computer-executable instructions for processing a request to delete a data subject's personal data from a plurality of computer systems associated with a particular organization by:
receiving a request from a data subject to delete personal data associated with the data subject; and
at least partially in response to receiving the request:
automatically using a data model to identify:
(A) a first computing device on which first personal data associated with the data subject is stored; and
(B) a second computing device on which second personal data associated with the data subject is stored, wherein:
the data model defines:
at least one storage location utilized in the storage of a plurality of different items of personal data for the data subject as part of a processing activity; and
at least one transfer location to which the at least one storage location transfers the plurality of different items of personal data for the data subject; and
automatically using the data model to identify the first computing device and the second computing device comprises scanning, using a unique identifier associated with the data subject, the plurality of different items of personal data for the data subject to identify the first personal data associated with the data subject and the second personal data associated with the data subject;
at least partially in response to identifying the first computing device on which the first personal data associated with the data subject is stored, facilitating the deletion of the first personal data from the first computing device; and
at least partially in response to identifying the second computing device on which the second personal data associated with the data subject is stored, facilitating the deletion of the second personal data from the second computing device, wherein:
the data model stores information regarding respective storage locations of the plurality of different items of personal data for the data subject.
Abstract
In particular embodiments, in response to a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; and (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems (e.g., by automatically assigning a plurality of tasks to delete data across multiple business systems to effectively delete the data subject's personal data from the systems).
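The flow the abstract describes (follow the data model from storage locations to transfer locations, scan each by the subject's unique identifier, then assign deletion tasks per system) can be sketched as below. This is an added illustration, not code from the patent or its assignee; the system names, record layout and function names are constructed for the example, including a transfer target missing from the inventory, which is routed to manual review.

```python
from collections import deque

# Constructed data model: each storage location lists the locations it
# transfers personal data to, plus the records it currently holds.
DATA_MODEL = {
    "crm-db": {"transfers_to": ["email-platform", "analytics-warehouse"],
               "records": [{"id": "c-101", "subject_id": "ds-42"},
                           {"id": "c-102", "subject_id": "ds-77"}]},
    "email-platform": {"transfers_to": ["backup-bucket"],
                       "records": [{"id": "e-9", "subject_id": "ds-42"}]},
    "analytics-warehouse": {"transfers_to": ["crm-db"],  # cycle back to the CRM
                            "records": [{"id": "a-5", "subject_id": "ds-77"}]},
    # "backup-bucket" is a transfer target that was never inventoried.
}

def locate_subject_data(model, entry_points, subject_id):
    """Walk storage -> transfer edges and scan each location for subject_id."""
    found, unmapped, seen = {}, set(), set()
    queue = deque(entry_points)
    while queue:
        loc = queue.popleft()
        if loc in seen:          # transfer graphs can contain cycles
            continue
        seen.add(loc)
        node = model.get(loc)
        if node is None:         # referenced by a transfer, absent from the model
            unmapped.add(loc)
            continue
        hits = [r["id"] for r in node["records"] if r["subject_id"] == subject_id]
        if hits:
            found[loc] = hits
        queue.extend(node["transfers_to"])
    return found, sorted(unmapped)

def plan_deletion_tasks(model, entry_points, subject_id):
    """Turn scan results into one task per system, flagging unmapped targets."""
    found, unmapped = locate_subject_data(model, entry_points, subject_id)
    tasks = [{"system": s, "action": "delete", "record_ids": ids}
             for s, ids in sorted(found.items())]
    tasks += [{"system": s, "action": "manual_review", "record_ids": []}
              for s in unmapped]
    return tasks

def apply_tasks(model, tasks):
    """Execute the delete tasks against the in-memory model."""
    for t in tasks:
        if t["action"] == "delete":
            node = model[t["system"]]
            node["records"] = [r for r in node["records"]
                               if r["id"] not in t["record_ids"]]
```

Re-running `locate_subject_data` after `apply_tasks` serves as the verification pass: an empty result for the mapped systems confirms the deletion, while any unmapped location remains listed until it is added to the data model.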
18 Claims
11. A computer-implemented data processing method for processing a request to delete personal data associated with a data subject from one or more computer systems of an organization, the method comprising:
receiving, by one or more computer processors, a request from a data subject to delete the personal data associated with the data subject from one or more computer systems of an organization; and
at least partially in response to receiving the request:
processing the request by one or more computer processors;
automatically identifying, by one or more computer processors, one or more computing devices on the one or more computer systems on which the personal data associated with the data subject is stored, wherein identifying the one or more computing devices on which the personal data associated with the data subject is stored comprises:
using a data model to make the identification, the data model comprising information regarding a respective storage location of a plurality of different items of personal data associated with the data subject;
accessing, by one or more computer processors, the data model, the data model defining:
at least one storage location utilized in the storage of a plurality of personal data as part of a processing activity;
at least one transfer location to which the at least one storage location transfers the plurality of personal data; and
scanning, by one or more computer processors, using a unique identifier associated with the data subject, the plurality of personal data to identify the personal data associated with the data subject; and
in response to determining, by one or more computer processors, the one or more computing devices storing the personal data associated with the data subject, automatically facilitating the deletion of the personal data associated with the data subject from the one or more computing devices.
17. A computer-implemented data processing method for deleting one or more pieces of personal data in response to a data subject access request, the method comprising:
receiving, using one or more electronic receiving means, a data subject access request from a requestor comprising one or more request parameters;
accessing, using one or more electronic access means, a data model defining:
at least one storage location utilized in the storage of a plurality of personal data as part of a processing activity; and
at least one transfer location to which the at least one storage location transfers the plurality of personal data, wherein the data model comprises information regarding a respective storage location of each of one or more pieces of personal data associated with the requestor; and
processing the request by identifying, using one or more data mapping means, the respective storage location of each of the one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization, wherein identifying the respective storage location of each of the one or more pieces of personal data associated with the requestor comprises:
scanning, using one or more electronic scanning means using a unique identifier associated with the requestor, the plurality of personal data to identify the one or more pieces of personal data associated with the requestor; and
using the data model to make the identification;
determining whether the one or more request parameters comprise a request to delete the one or more pieces of personal data; and
in response to determining that the one or more request parameters comprise the request to delete, automatically facilitating the deletion, using one or more data deletion means, the one or more pieces of personal data.
Specification