Data processing systems for fulfilling data subject access requests and related methods
First Claim
1. A non-transitory computer-readable medium storing computer-executable instructions for processing a request to delete personal data from a plurality of computing devices associated with a particular organization by:
- receiving a plurality of delete personal data requests, each delete personal data request being a request, from a respective data subject, to delete personal data associated with the data subject; and
at least partially in response to receiving each respective delete personal data request;
automatically using a data model to identify;
(A) a first computing device on which first respective personal data associated with the respective data subject is stored; and
(B) a second computing device on which second respective personal data associated with the respective data subject is stored, wherein;
the data model defines;
at least one storage location utilized in the storage of a plurality of different items of personal data for the data subject as part of a processing activity; and
at least one transfer location to which the plurality of different items of personal data for the data subject are transferred; and
automatically using the data model to identify the first computing device and the second computing device comprises;
(A) using a unique identifier associated with the data subject in combination with the data model to identify the first computing device as storing the first respective personal data associated with the respective data subject; and
(B) using the unique identifier associated with the data subject in combination with the data model to identify the second computing device as storing the second respective personal data associated with the respective data subject;
at least partially in response to identifying the first computing device as storing the first respective personal data associated with the respective data subject, facilitating the deletion of the first respective personal data from the first computing device; and
at least partially in response to identifying the second computing device as storing the second respective personal data associated with the respective data subject, facilitating the deletion of the second respective personal data from the second computing device, wherein;
the data model stores information regarding respective storage locations of the plurality of different items of personal data for the data subject.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization'"'"'s systems, the system may: (1) automatically determine where the data subject'"'"'s personal data is stored; and (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject'"'"'s personal data from the various systems (e.g., by automatically assigning a plurality of tasks to delete data across multiple business systems to effectively delete the data subject'"'"'s personal data from the systems).
606 Citations
20 Claims
-
1. A non-transitory computer-readable medium storing computer-executable instructions for processing a request to delete personal data from a plurality of computing devices associated with a particular organization by:
-
receiving a plurality of delete personal data requests, each delete personal data request being a request, from a respective data subject, to delete personal data associated with the data subject; and at least partially in response to receiving each respective delete personal data request; automatically using a data model to identify;
(A) a first computing device on which first respective personal data associated with the respective data subject is stored; and
(B) a second computing device on which second respective personal data associated with the respective data subject is stored, wherein;the data model defines; at least one storage location utilized in the storage of a plurality of different items of personal data for the data subject as part of a processing activity; and at least one transfer location to which the plurality of different items of personal data for the data subject are transferred; and automatically using the data model to identify the first computing device and the second computing device comprises;
(A) using a unique identifier associated with the data subject in combination with the data model to identify the first computing device as storing the first respective personal data associated with the respective data subject; and
(B) using the unique identifier associated with the data subject in combination with the data model to identify the second computing device as storing the second respective personal data associated with the respective data subject;at least partially in response to identifying the first computing device as storing the first respective personal data associated with the respective data subject, facilitating the deletion of the first respective personal data from the first computing device; and at least partially in response to identifying the second computing device as storing the second respective personal data associated with the respective data subject, facilitating the deletion of the second respective personal data from the second computing device, wherein; the data model stores information regarding respective storage locations of the plurality of different items of personal data for the data subject. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented data processing method for processing requests to delete personal data associated with respective data subjects from one or more computer systems of an organization, the method comprising:
-
receiving, by one or more computer processors, a plurality of delete personal data requests, each delete personal data request being a request, from a respective data subject, to delete personal data associated with the data subject; and at least partially in response to receiving each respective request of the plurality of requests; automatically identifying, by one or more computer processors, one or more computing devices of the one or more computer systems on which the personal data associated with the respective data subject is stored, wherein identifying the one or more computing devices on which the personal data associated with the respective data subject is stored comprises; accessing, by one or more computer processors, a data model defining; at least one storage location where a plurality of pieces of personal data are stored as part of a processing activity; at least one transfer location to which the plurality of pieces of personal data are transferred from the at least one storage location as part of the processing activity; and using a unique identifier associated with the data subject, in combination with the data model, to identify the personal data associated with the respective data subject; and in response to identifying, by one or more computer processors, the one or more computing devices on which the personal data associated with the respective data subject is stored, automatically facilitating the deletion of the personal data associated with the respective data subject from the one or more computing devices. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computer-implemented data processing method for deleting one or more pieces of personal data in response to a data subject access request, the method comprising:
-
receiving, using one or more electronic receiving means, a data subject access request from a requestor comprising one or more request parameters; accessing, using one or more electronic access means, a data model defining; at least one storage location utilized in the storage of a plurality of pieces of personal data as part of a processing activity; and at least one transfer location to which the plurality of pieces of personal data are transferred, wherein the data model comprises information regarding a respective storage location of each of one or more pieces of personal data associated with the requestor; using the data model and a unique identifier associated with the requestor to identify the respective storage location of each of the one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; determining whether the one or more request parameters comprise a request to delete the one or more pieces of personal data; and in response to determining that the one or more request parameters comprise the request to delete, automatically facilitating the deletion, using one or more data deletion means, of the one or more pieces of personal data. - View Dependent Claims (20)
-
Specification