Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns
First Claim
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
- displaying, on a graphical user interface, a prompt to create an electronic record for the privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
receiving a command to create an electronic record for the privacy campaign;
creating an electronic record for the privacy campaign and digitally storing the record;
presenting, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving the campaign data via input by one or more users, wherein the campaign data comprises each of;
a description of the campaign;
an identification of one or more types of particular personal data collected as part of the campaign;
at least one subject from which the particular personal data was collected;
a storage location where the particular personal data is to be stored; and
data indicating who will have access to the particular personal data;
processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing the campaign data associated with the electronic record for the privacy campaign;
using one or more computer processors, calculating the risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the campaign, wherein calculating the risk level for the campaign comprises;
electronically retrieving, from a data structure, the campaign data associated with the electronic record for the campaign;
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises;
a nature of the particular personal data associated with the campaign;
a physical location of the particular personal data associated with the campaign;
a length of time that the particular personal data associated with the campaign will be retained in storage; and
a country of residence of at least one subject from which the particular personal data was collected;
electronically assigning a relative risk rating for each of the plurality of risk factors; and
electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and
digitally storing the risk level associated with the record for the campaign.
2 Assignments
0 Petitions
Accused Products
Abstract
Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
385 Citations
40 Claims
-
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
-
displaying, on a graphical user interface, a prompt to create an electronic record for the privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; receiving a command to create an electronic record for the privacy campaign; creating an electronic record for the privacy campaign and digitally storing the record; presenting, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign; electronically receiving the campaign data via input by one or more users, wherein the campaign data comprises each of; a description of the campaign; an identification of one or more types of particular personal data collected as part of the campaign; at least one subject from which the particular personal data was collected; a storage location where the particular personal data is to be stored; and data indicating who will have access to the particular personal data; processing the campaign data by electronically associating the campaign data with the record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the privacy campaign; using one or more computer processors, calculating the risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a data structure, the campaign data associated with the electronic record for the campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; a nature of the particular personal data associated with the campaign; a physical location of the particular personal data associated with the campaign; a length of time that the particular personal data associated with the campaign will be retained in storage; and a country of residence of at least one subject from which the particular personal data was collected; electronically assigning a relative risk rating for each of the plurality of risk factors; and electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and digitally storing the risk level associated with the record for the campaign. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 28, 29, 30, 31)
-
-
23. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input comprising:
-
creating an electronic record for the privacy campaign and digitally storing the record, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign; electronically receiving the campaign data via input by one or more users, wherein the campaign data comprises each of; a description of the campaign; an identification of one or more types of particular personal data collected a part of the campaign; at least one subject from which the particular personal data was collected; a storage location where the particular personal data is to be stored; and data indicating who will have access to the particular personal data; initiating electronic communications to facilitate the input of campaign data by the one or more users; processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the privacy campaign; calculating the risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a data structure, the campaign data associated with the record for the campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; a nature of the particular personal data associated with the campaign; a physical location of the particular personal data associated with the campaign; a length of time that the particular personal data associated with the campaign will be retained in storage; a type of individual from Which the particular personal data associated with the campaign originated; and a country of residence of at least one subject from which the personal data was collected; electronically assigning a relative risk rating for each of the plurality of factors; and electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor the risk factor; and digitally storing the risk level associated with the record for the campaign. - View Dependent Claims (24, 25, 26, 27)
-
-
32. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data inputs, comprising:
-
displaying, on a graphical user interface, a prompt to create an electronic record for the privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; receiving a command to create an electronic record for the privacy campaign; creating an electronic record for the privacy campaign and digitally storing the record; presenting, on one or more graphical user interfaces, a plurality of prompts for the input of the campaign data related to the privacy campaign; electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of; a description of the campaign; an identification of one or more types of particular personal data collected as part of the campaign; at least one subject from which the particular personal data was collected; a storage location where the particular personal data is to be stored; and data indicating who will have access to the particular personal data; processing the campaign data by electronically associating the campaign data with the record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the campaign; using one or more computer processors, calculating the risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a data structure, the campaign data associated with the record for the campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; a nature of the particular personal data associated with the campaign; a physical location of the particular personal data associated with the campaign; a length of time that the particular personal data associated with the campaign will be retained in storage; and a country of residence of at least one subject from which the particular personal data was collected; electronically assigning a relative risk rating for each of the plurality of risk factors; and electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor, and digitally storing the risk level associated with the record for the campaign; generating, for display, an online graphical user interface, wherein the online graphical user interface comprises computer-generated prompts to input data, and wherein the graphical user interface displays an indicator, wherein if the indicator is selected, a real-time communication session is electronically instantiated; receiving a computer-generated input from a particular user selecting the indicator; retrieving a list of one or more collaborators associated with the electronic record related to the information displayed on the online graphical user interface, wherein the list of collaborators includes the particular user and at least one other person; and electronically instantiating a real-time communication session between the particular user and the one or more collaborators in a computer-generated window, wherein the window having the real-time communications session overlays the online graphical user interface, covering at least a portion of the graphical user interface. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
-
Specification