Consent receipt management and automated process blocking systems and related methods
First Claim
1. A computer-implemented data processing method for automating processing of data of one or more data subjects, the method comprising:
- providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between an entity and each respective data subject of the one or more data subjects;
receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects;
in response to receiving each of the plurality of requests, generating, by one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of one or more pieces of personal data;
electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;
receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions;
in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction;
in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and
in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of;
automatically ceasing processing of the new piece of personal data;
identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and
prompting the particular data subject to provide the indication of the consent.
2 Assignments
0 Petitions
Accused Products
Abstract
An automated process blocking system may be configured to automatically block one or more processes based on received user consent data. For example, a particular data subject may provide consent for an entity to process particular data associated with the data subject for one or more particular purposes. The system may be configured to: (1) determine that one or more entity systems are processing one or more pieces of personal data associated with a data subject; (2) identify at least one process for which the one or more pieces of personal data are being processed; (3) determine, using a consent receipt management system, whether the data subject has provided consent for the processing of the one or more pieces of personal data for the at least one process; and (4) in response to determining that the data subject has not provided valid consent, automatically blocking the processing.
-
Citations
13 Claims
-
1. A computer-implemented data processing method for automating processing of data of one or more data subjects, the method comprising:
-
providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between an entity and each respective data subject of the one or more data subjects; receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects; in response to receiving each of the plurality of requests, generating, by one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of one or more pieces of personal data; electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory; receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions; in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction; in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of; automatically ceasing processing of the new piece of personal data; identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and prompting the particular data subject to provide the indication of the consent. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A consent receipt management and automated process blocking system comprising:
-
one or more processors; and computer memory that stores one or more consent records associated with a unique subject identifier, each of the one or more consent records being associated with a respective transaction of a plurality of transactions involving a respective data subject and an entity, wherein the consent receipt management and automated process blocking system is configured for; receiving an indication that one or more computer systems are attempting to process one or more pieces of personal data associated with a data subject; determining a purpose of processing the one or more pieces of personal data; accessing the one or more consent records; determining, based at least in part on the purpose of the processing and the one or more consent records, whether the data subject has provided valid consent to the processing of the one or more pieces of personal data for the purpose; in response to determining that the data subject has provided the valid consent, automatically processing the one or more pieces of personal data for the purpose; in response to determining that the data subject has not provided the valid consent, at least temporarily blocking the processing of the one or more pieces of personal data; providing, by the one or more processors, to one or more data subjects, a user interface for initiating a transaction between the entity and each respective data subject of the one or more data subjects; receiving, by the one or more processors, a plurality of requests to initiate the plurality of transactions, each of the plurality of transactions comprising the respective transaction between the entity and a respective data subject of the one or more data subjects; in response to receiving each of the plurality of requests, generating, by the one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of the one or more pieces of personal data; electronically storing and associating, by the one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject of the one or more data subjects, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory; receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions; in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction; in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of; automatically ceasing processing of the new piece of personal data; identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and prompting the particular data subject to provide the indication of the consent. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
Specification