Data processing systems for identifying and modifying processes that are subject to data subject access requests
First Claim
Patent Images
1. A personal data processing and analysis system comprising;
- one or more processors;
one or more data assets that store a plurality of personal data associated with a plurality of data subjects, each piece of the plurality of personal data being associated with a respective particular processing activity of a plurality of processing activities undertaken by an organization; and
computer memory, wherein;
the computer memory stores one or more data models defining one or more data transfers among the one or more data assets; and
the personal data processing and analysis system is configured for;
receiving a first data subject request associated with a first data subject from a remote computing device, the first data subject request comprising a request to delete one or more first pieces of personal data from the personal data processing and deletion system, the one or more first pieces of personal data being associated with the first data subject;
in response to receiving the first data subject request, identifying, based at least in part on the one or more data models and the plurality of processing activities undertaken by the organization, a respective storage location of each of the one or more first pieces of personal data on the one or more data assets;
in response to identifying the storage location of each of the one or more pieces of personal data, automatically facilitating the deletion of each of the one or more first pieces of personal data from each respective storage location;
receiving a plurality of additional data subject requests;
analyzing each of the plurality of additional data subject requests to identify a respective associated processing activity of the plurality of processing activities;
identifying a particular processing activity of the plurality of processing activities that is associated with at least a particular number of the plurality of additional data subject requests; and
in response to identifying the particular processing activity, automatically taking one or more actions related to the particular processing activity, wherein;
analyzing each of the plurality of additional data subject requests to identify the respective associated processing activity of the plurality of processing activities comprises using one or more data mapping techniques to identify each respective associated processing activity; and
using the one or more data mapping techniques to identify each respective associated processing activity comprises;
accessing each of one or more data models; and
scanning each of the one or more data models using respective personal data associated with each of the plurality of data subject requests to identify an associated respective associated processing activity.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization'"'"'s systems, the system may: (1) automatically determine where the data subject'"'"'s personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject'"'"'s personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.
516 Citations
14 Claims
-
1. A personal data processing and analysis system comprising;
-
one or more processors; one or more data assets that store a plurality of personal data associated with a plurality of data subjects, each piece of the plurality of personal data being associated with a respective particular processing activity of a plurality of processing activities undertaken by an organization; and computer memory, wherein; the computer memory stores one or more data models defining one or more data transfers among the one or more data assets; and the personal data processing and analysis system is configured for; receiving a first data subject request associated with a first data subject from a remote computing device, the first data subject request comprising a request to delete one or more first pieces of personal data from the personal data processing and deletion system, the one or more first pieces of personal data being associated with the first data subject; in response to receiving the first data subject request, identifying, based at least in part on the one or more data models and the plurality of processing activities undertaken by the organization, a respective storage location of each of the one or more first pieces of personal data on the one or more data assets; in response to identifying the storage location of each of the one or more pieces of personal data, automatically facilitating the deletion of each of the one or more first pieces of personal data from each respective storage location; receiving a plurality of additional data subject requests; analyzing each of the plurality of additional data subject requests to identify a respective associated processing activity of the plurality of processing activities; identifying a particular processing activity of the plurality of processing activities that is associated with at least a particular number of the plurality of additional data subject requests; and in response to identifying the particular processing activity, automatically taking one or more actions related to the particular processing activity, wherein; analyzing each of the plurality of additional data subject requests to identify the respective associated processing activity of the plurality of processing activities comprises using one or more data mapping techniques to identify each respective associated processing activity; and using the one or more data mapping techniques to identify each respective associated processing activity comprises;
accessing each of one or more data models; and
scanning each of the one or more data models using respective personal data associated with each of the plurality of data subject requests to identify an associated respective associated processing activity. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented data processing method for processing a request to delete personal data associated with a data subject from one or more computer systems of an organization and identifying one or more patterns of related requests, the method comprising:
-
receiving, by one or more computer processors, a request from a data subject to delete the personal data associated with the data subject from one or more computer systems of an organization; and at least partially in response to receiving the request; processing the request by one or more computer processors; automatically identifying, by one or more computer processors, one or more computing devices on the one or more computer systems on which the personal data associated with the data subject is stored; in response to determining, by one or more computer processors, the one or more computing devices storing the personal data associated with the data subject, automatically facilitating the deletion of the personal data associated with the data subject from the one or more computing devices; identifying at least one request factor associated with the request; receiving a plurality of additional requests from a plurality of data subjects to delete the personal data associated with each respective data subject of the plurality of data subjects from the one or more computer systems; determining at least one related cause of the request and the plurality of additional requests based at least in part on the at least one request factor; and in response to determining that at least one related cause, automatically taking at least one action based at least in part on the determined at least one related cause, wherein; the at least one request factor comprises at least one source of the request; and the method further comprises; identifying at least one respective request factor associated with each of the plurality of additional requests; and determining the at least one related cause of the request and the plurality of additional requests based at least in part on the at least one request factor and the at least one respective request factor associated with each of the plurality of additional requests. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification