Data processing systems and methods for auditing data request compliance
First Claim
1. A non-transitory computer-readable medium storing computer-executable instructions for:
receiving, by at least one computer processor, a data subject access request from a data subject access requestor;
automatically determining, by at least one computer processor, a type of the data subject access request, the determined type of data subject access request being selected from a group consisting of:
(1) a request to delete personal data of the data subject access requestor that is being stored by a particular organization;
(2) a request to provide, to the data subject access requestor, the personal data of the data subject access requestor that is being stored by the particular organization;
(3) a request to update the personal data of the data subject access requestor that is being stored by the particular organization; and
(4) a request to opt out of having the particular organization use the personal data of the data subject access requestor in one or more particular ways;
determining, by at least one processor, based at least partially on the determined type of data subject access request, a workflow that is to be used to process the data subject access request, wherein the workflow is a workflow for validating an identity of an individual;
after determining the workflow, facilitating, by at least one processor, the processing of the data subject access request via the workflow;
analyzing, by at least one processor, a timing of a plurality of processed data subject access requests;
receiving an audit request, to audit compliance, by the particular organization with one or more data subject access request requirements, the one or more data subject access request requirements comprising a respective time constraint for responding to each of the plurality of processed data subject access requests, the audit request comprising one or more request parameters;
performing an audit based on the one or more request parameters;
generating a report of one or more results of the audit; and
providing the report to a privacy officer associated with the particular organization.
Abstract
A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).
20 Claims
14. A privacy management computer system for auditing one or more responses to one or more data subject access requests received by a particular entity, the system comprising:
one or more computer processors; and
computer memory operatively coupled to the one or more processors, wherein the one or more computer processors are adapted for:
receiving a plurality of data subject access requests via a plurality of webforms on respective computing devices from a plurality of data subject access requestors;
automatically determining a type of each data subject access request, the determined type of data subject access request being selected from a group consisting of:
(1) a request to delete personal data of a data subject access requestor that is being stored by a particular organization;
(2) a request to provide, to the data subject access requestor, the personal data of the data subject access requestor that is being stored by the particular organization;
(3) a request to update the personal data of the data subject access requestor that is being stored by the particular organization; and
(4) a request to opt out of having the particular organization use the personal data of the data subject access requestor in one or more particular ways;
determining, based at least partially on the determined type of each data subject access request, a workflow that is to be used to process each request;
facilitating the processing of each of the plurality of data subject access requests via the workflow;
receiving an audit request to audit compliance, by the particular entity with one or more data subject access request requirements, the audit request comprising one or more request parameters, the one or more request parameters comprising one or more parameters related to a particular group of data subjects;
performing the audit based on the one or more request parameters, wherein performing the audit comprises:
analyzing the plurality of data subject access requestors to identify one or more members of the particular group of data subjects;
identifying particular associated data subject access requests of the plurality of data subject access requests that are associated with the one or more members of the particular group of data subjects; and
analyzing the particular associated data subject access requests to determine a compliance level with the one or more data subject access request requirements;
generating a report of one or more results of the audit; and
providing the report to a privacy officer associated with the particular entity.
Specification