Data processing systems for central consent repository and related methods
First Claim
1. A computer-implemented data processing method for managing a plurality of data assets of an organization shared with a third-party data repository, the method comprising:
- identifying a form used to collect one or more pieces of personal data;
determining one or more data assets of a plurality of data assets of the organization where input data of the form is transmitted;
adding the one or more data assets to the third-party data repository with an electronic link to the form;
in response to a user submitting the form, creating a unique subject identifier associated with the user;
transmitting the unique subject identifier to the third-party data repository along with the form data provided by the user in the form, to the data asset;
digitally storing the unique subject identifier in the third-party data repository and along with the form data provided by the user in the form, in the data asset;
receiving a data subject access request from the user, wherein the data subject access request comprises a type of data subject access request and the type of data subject access request is a data subject deletion request;
accessing the third-party data repository to identify the unique subject identifier of the user;
determining which one or more data assets of the plurality of data assets of the organization include the unique subject identifier;
accessing personal data of the user stored in each of the one or more data assets of the plurality of data assets of the organization that include the unique subject identifier;
in response to accessing the personal data of the user stored in each of the one or more data assets of the plurality of data assets, automatically determining that a first portion of personal data of the user stored in the one or more data assets has one or more legal bases for continued storage;
in response to determining that the first portion of personal data of the user stored in the one or more data assets has one or more legal bases for continued storage, automatically maintaining storage of the first portion of personal data of the user stored in the one or more data assets;
automatically facilitating deletion of a second portion of personal data of the user stored in the one or more data assets for which one or more legal bases for continued storage cannot be determined, wherein the first portion of the personal data of the user stored in the one or more data assets is different from the second portion of personal data of the user stored in the one or more data assets; and
automatically marking as free one or more memory addresses associated with the second portion of personal data of the user stored in the one or more data assets associated with the user.
2 Assignments
0 Petitions
Accused Products
Abstract
A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.
-
Citations
16 Claims
-
1. A computer-implemented data processing method for managing a plurality of data assets of an organization shared with a third-party data repository, the method comprising:
-
identifying a form used to collect one or more pieces of personal data; determining one or more data assets of a plurality of data assets of the organization where input data of the form is transmitted; adding the one or more data assets to the third-party data repository with an electronic link to the form; in response to a user submitting the form, creating a unique subject identifier associated with the user; transmitting the unique subject identifier to the third-party data repository along with the form data provided by the user in the form, to the data asset; digitally storing the unique subject identifier in the third-party data repository and along with the form data provided by the user in the form, in the data asset; receiving a data subject access request from the user, wherein the data subject access request comprises a type of data subject access request and the type of data subject access request is a data subject deletion request; accessing the third-party data repository to identify the unique subject identifier of the user; determining which one or more data assets of the plurality of data assets of the organization include the unique subject identifier; accessing personal data of the user stored in each of the one or more data assets of the plurality of data assets of the organization that include the unique subject identifier; in response to accessing the personal data of the user stored in each of the one or more data assets of the plurality of data assets, automatically determining that a first portion of personal data of the user stored in the one or more data assets has one or more legal bases for continued storage; in response to determining that the first portion of personal data of the user stored in the one or more data assets has one or more legal bases for continued storage, automatically maintaining storage of the first portion of personal data of the user stored in the one or more data assets; automatically facilitating deletion of a second portion of personal data of the user stored in the one or more data assets for which one or more legal bases for continued storage cannot be determined, wherein the first portion of the personal data of the user stored in the one or more data assets is different from the second portion of personal data of the user stored in the one or more data assets; and automatically marking as free one or more memory addresses associated with the second portion of personal data of the user stored in the one or more data assets associated with the user. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented data processing method for managing a plurality of data assets of an organization with a unique subject identifier database, the method comprising:
-
receiving an indication of completion of a form associated with the organization by a data subject; determining, based at least in part on searching a unique subject identifier database, whether a unique subject identifier has been generated for the data subject; in response to determining that a unique subject identifier has not been generated for the data subject, generating a unique subject identifier for the data subject; storing the unique subject identifier for the data subject in the unique subject identifier database, wherein the unique subject identifier database electronically links each respective unique subject identifier to each of;
(i) the form associated with the organization submitted by the data subject of each respective unique subject identifier, and (ii) one or more data assets that utilize form data of the form received from the data subject;receiving a data subject access request from the data subject, wherein the data subject access request comprises a data subject deletion request; in response to receiving the data subject access request from the data subject, accessing the unique subject identifier database to identify the unique subject identifier of the data subject; determining which one or more data assets of the plurality of data assets of the organization are electronically linked to the unique subject identifier; accessing personal data of the data subject stored in each of the one or more data assets of the plurality of data assets of the organization that are electronically linked to the unique subject identifier; in response to accessing the personal data of the data subject stored in each of the one or more data assets of the plurality of data assets, automatically determining that a first portion of personal data of the data stored in the one or more data assets has one or more legal bases for continued storage; in response to determining that the first portion of personal data of the data subject stored in the one or more data assets has one or more legal bases for continued storage, automatically maintaining storage of the first portion of personal data of the data subject stored in the one or more data assets; and automatically facilitating deletion of a second portion of personal data of the data subject stored in the one or more data assets for which one or more legal bases for continued storage cannot be determined, wherein the first portion of the personal data of the data subject stored in the one or more data assets is different from the second portion of personal data of the data subject stored in the one or more data assets. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer-implemented data processing method for managing a plurality of data assets of an organization with a unique subject identifier database, the method comprising:
-
receiving an indication of completion of a form associated with the organization by a data subject; determining, based at least in part on searching a unique subject identifier database, whether a unique subject identifier has been generated for the data subject; in response to determining that a unique subject identifier has been generated for the data subject, accessing the unique subject identifier database; identifying the unique subject identifier of the data subject based at least in part on form data provided by the data subject in the completion of the form associated with the organization; updating the unique subject identifier database to include an electronic link between the unique subject identifier of the data subject and each of (i) the form submitted by the data subject of each respective unique subject identifier, and (ii) one or more data assets that utilize the form data of the form received from the data subject; receiving a data subject access request from the data subject, wherein the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a subject'"'"'s rights request, and a data subject deletion request; accessing the unique subject identifier database to identify the unique subject identifier of the data subject; determining which one or more data assets of the plurality of data assets of the organization include the unique subject identifier of the data subject; and accessing personal data of the data subject stored in each of the one or more data assets of the plurality of data assets of the organization that include the unique subject identifier; in response to accessing the personal data of the data subject stored in each of the one or more data assets of the plurality of data assets, automatically determining that a first portion of personal data of the data subject stored in the one or more data assets has one or more legal bases for continued storage; in response to determining that the first portion of personal data of the data subject stored in the one or more data assets has one or more legal bases for continued storage, automatically maintaining storage of the first portion of personal data of the data subject stored in the one or more data assets; automatically facilitating deletion of a second portion of personal data of the data subject stored in the one or more data assets for which one or more legal bases for continued storage cannot be determined, wherein the first portion of the personal data of the data subject stored in the one or more data assets is different from the second portion of personal data of the data subject stored in the one or more data assets; and automatically marking one or more memory addresses associated with the second portion of personal data of the data subject stored in the one or more data assets associated with the data subject as free. - View Dependent Claims (14, 15, 16)
-
Specification