Data processing systems for processing data subject access requests
First Claim
1. A computer-implemented data processing method for processing a data subject within a data system in order to fulfill a data subject access request, the method comprising:
- receiving, by one or more processors, from a data subject, a data subject access request;
identifying, based at least in part on the data subject access request, a particular local storage node of a plurality of local storage nodes;
routing the data subject access request to the particular local storage node;
processing the data subject access request at the local storage node by identifying one or more pieces of personal data associated with the data subject, wherein identifying the one or more pieces of personal data associated with the data subject comprises scanning one or more data inventories stored within a data system for the one or more pieces of personal data;
in response to identifying the one or more pieces of personal data, at least temporarily storing the one or more pieces of personal data at the local storage node;
providing access, to the data subject, to the one or more pieces of personal data at the local storage node;
receiving one or more data retention rules, the one or more data retention rules comprising;
a first rule to archive the one or more pieces of personal data in response to the data subject accessing the one or more pieces of personal data at the local storage node; and
a second rule to archive the one or more pieces of personal data in response to an expiration of a particular time period;
in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules;
determining that the data subject has accessed the one or more pieces of personal data at the local storage node; and
in response to determining that the data subject has accessed the one or more pieces of personal data at the local storage node, automatically archiving the one or more pieces of personal data and storing metadata indicating a time of the access by the data subject; and
in response to archiving the one or more pieces of personal data, digitally storing metadata associated with a completion of the data subject access request.
2 Assignments
0 Petitions
Accused Products
Abstract
In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.
-
Citations
19 Claims
-
1. A computer-implemented data processing method for processing a data subject within a data system in order to fulfill a data subject access request, the method comprising:
-
receiving, by one or more processors, from a data subject, a data subject access request; identifying, based at least in part on the data subject access request, a particular local storage node of a plurality of local storage nodes; routing the data subject access request to the particular local storage node; processing the data subject access request at the local storage node by identifying one or more pieces of personal data associated with the data subject, wherein identifying the one or more pieces of personal data associated with the data subject comprises scanning one or more data inventories stored within a data system for the one or more pieces of personal data; in response to identifying the one or more pieces of personal data, at least temporarily storing the one or more pieces of personal data at the local storage node; providing access, to the data subject, to the one or more pieces of personal data at the local storage node; receiving one or more data retention rules, the one or more data retention rules comprising; a first rule to archive the one or more pieces of personal data in response to the data subject accessing the one or more pieces of personal data at the local storage node; and a second rule to archive the one or more pieces of personal data in response to an expiration of a particular time period; in response to processing the data subject access request, automatically archiving the one or more pieces of personal data based at least in part on the one or more data retention rules; determining that the data subject has accessed the one or more pieces of personal data at the local storage node; and in response to determining that the data subject has accessed the one or more pieces of personal data at the local storage node, automatically archiving the one or more pieces of personal data and storing metadata indicating a time of the access by the data subject; and in response to archiving the one or more pieces of personal data, digitally storing metadata associated with a completion of the data subject access request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification