Consent receipt management systems and related methods
First Claim
1. A consent receipt management system comprising:
one or more processors; and
computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for;
receiving a request to initiate a transaction between the entity and the data subject, the transaction involving collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction;
in response to receiving the request;
identifying a transaction identifier associated with the transaction;
generating, a unique consent receipt key for the transaction; and
determining a unique subject identifier for the data subject;
electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory;
electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier;
generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key;
electronically transmitting the consent record to the data subject;
providing a consent receipt management portal;
displaying, to the data subject, via the consent receipt management portal, the plurality of consent records;
analyzing the plurality of consent records to identify one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent;
determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent;
in response to determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent, prompting the data subject to provide the confirmatory consent;
enabling the data subject to withdraw, via the consent receipt management portal, a consent for the collection or processing of personal data associated with the data subject by the entity as part of the transaction;
receiving a request from the data subject via the consent receipt management portal to withdraw the consent; and
in response to receiving the request to withdraw the consent;
modifying the unique consent receipt key to include data related to a time of the request to withdraw;
automatically ceasing the collection or processing of the personal data associated with the data subject as part of the transaction; and
identifying, based at least in part on one or more data models defining one or more data transfers among one or more data assets utilized by the entity for the collection or processing of the personal data, a respective storage location of each of one or more pieces of personal data associated with the data subject on the one or more data assets that was collected or processed by the entity prior to receiving the request to withdraw the consent;
in response to identifying the respective storage location of each of the one or more pieces of personal data associated with the data subject, automatically determining that a first portion of the one or more of the pieces of personal data has one or more legal bases for continued storage; and
automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject that do not have one or more legal bases for continued storage, wherein the first portion of the one or more pieces of personal data is different from the second portion of the one or more pieces of personal data.
Abstract
A consent receipt management and data processing system may be configured to provide a centralized repository of consent receipt preferences for a plurality of data subjects. In various embodiments, the system is configured to provide an interface to the plurality of data subjects for modifying consent preferences and capture consent preference changes. The system may provide the ability to track the consent status of pending and confirmed consents. In other embodiments, the system may provide a centralized repository of consent receipts that a third-party system may reference when taking one or more actions related to a processing activity.
14 Claims
8. A computer-implemented data processing method for managing a plurality of consent receipts under a transaction that comprises processing, by an entity, of one or more pieces of personal data associated with one or more data subjects, the method comprising:
providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between the entity and each respective data subject of the one or more data subjects;
receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects;
in response to receiving each of the plurality of requests, generating, by one or more processors, a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of the one or more pieces of personal data;
electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;
providing, by one or more processors, to each of the one or more data subjects, a user interface for accessing and modifying the respective consent receipt key;
electronically transmitting the unique respective consent receipt key to each of the one or more data subjects;
prompting each of the one or more data subjects to confirm consent by each of the one or more data subjects to the processing of the one or more pieces of personal data;
receiving, from a particular data subject of the one or more data subjects, confirmation of the consent to the processing of the one or more pieces of personal data;
in response to receiving the confirmation of the consent to the processing of the one or more pieces of personal data, modifying a consent receipt key associated with the particular data subject based at least in part on the confirmation;
receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with the particular data subject as part of a particular transaction of the plurality of transactions;
in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the confirmation of the consent for the processing of the new piece of personal data as part of the particular transaction;
in response to determining that the particular data subject has provided the confirmation of the consent, automatically processing the new piece of personal data; and
in response to determining that the particular data subject has not provided the confirmation of the consent;
automatically ceasing processing of the new piece of personal data; and
prompting the particular data subject to provide the confirmation of the consent.
Specification