Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
First Claim
1. A computer-implemented data processing method of identifying and responding to one or more potential risk triggers based on a data model, the method comprising:
- identifying, by one or more processors, a potential risk trigger for an entity;
assessing and analyzing, by one or more processors, the potential risk trigger to determine a relevance of a risk posed to the entity by the potential risk trigger;
identifying, by one or more processors, using one or more data modeling techniques, one or more data assets associated with the entity that may be affected by the potential risk trigger, wherein identifying the one or more data assets comprises;
accessing the data model to identify one or more pieces of personal data stored, collected, or processed by the one or more data assets; and
analyzing the one or more pieces of personal data to determine whether any of the one or more pieces of personal data may be affected by the potential risk trigger;
using the data model to identify one or more data elements stored in the one or more data assets, the data model comprising;
a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes selected from the group consisting of;
one or more processing activities associated with each respective data asset;
transfer data associated with each respective data asset;
the one or more pieces of personal data associated with each respective data asset; and
a data map identifying one or more electronic associations between at least two of the one or more data assets, wherein the one or more data elements comprise the one or more inventory attributes;
determining, by one or more processors, based at least in part on the one or more identified data assets and the relevance of the risk, whether to take one or more actions in response to a potential risk posed to the entity by the potential risk trigger, wherein;
the potential risk trigger comprises a change in a regulation related to collection and storage of personal data by the entity using the one or more identified data assets; and
the regulation comprises one or more transfer restrictions; and
analyzing, by one or more processors, the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations;
determining, by one or more processors, whether to take the one or more actions in response to the potential risk posed to the entity by the potential risk trigger comprises analyzing the transfer data associated with each respective data asset; and
in response to determining to take the one or more actions, taking, by one or more processors, the one or more actions.
2 Assignments
0 Petitions
Accused Products
Abstract
In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
657 Citations
19 Claims
-
1. A computer-implemented data processing method of identifying and responding to one or more potential risk triggers based on a data model, the method comprising:
-
identifying, by one or more processors, a potential risk trigger for an entity; assessing and analyzing, by one or more processors, the potential risk trigger to determine a relevance of a risk posed to the entity by the potential risk trigger; identifying, by one or more processors, using one or more data modeling techniques, one or more data assets associated with the entity that may be affected by the potential risk trigger, wherein identifying the one or more data assets comprises; accessing the data model to identify one or more pieces of personal data stored, collected, or processed by the one or more data assets; and analyzing the one or more pieces of personal data to determine whether any of the one or more pieces of personal data may be affected by the potential risk trigger; using the data model to identify one or more data elements stored in the one or more data assets, the data model comprising; a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes selected from the group consisting of; one or more processing activities associated with each respective data asset; transfer data associated with each respective data asset; the one or more pieces of personal data associated with each respective data asset; and a data map identifying one or more electronic associations between at least two of the one or more data assets, wherein the one or more data elements comprise the one or more inventory attributes; determining, by one or more processors, based at least in part on the one or more identified data assets and the relevance of the risk, whether to take one or more actions in response to a potential risk posed to the entity by the potential risk trigger, wherein; the potential risk trigger comprises a change in a regulation related to collection and storage of personal data by the entity using the one or more identified data assets; and the regulation comprises one or more transfer restrictions; and analyzing, by one or more processors, the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; determining, by one or more processors, whether to take the one or more actions in response to the potential risk posed to the entity by the potential risk trigger comprises analyzing the transfer data associated with each respective data asset; and in response to determining to take the one or more actions, taking, by one or more processors, the one or more actions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification