Data processing systems for fulfilling data subject access requests and related methods
First Claim
1. A computer system for processing a request to delete personal data from a plurality of computing devices associated with a particular organization, the computer system comprising:
one or more computer processors;
computer memory embodied in one or more computer storage locations operatively coupled to the one or more computer processors that stores particular computer code, wherein the computer system is configured for:
receiving a plurality of delete personal data requests, each delete personal data request of the plurality of delete personal data requests being a request, from a respective data subject, to delete personal data associated with the data subject from one or more computer storage locations; and
at least partially in response to receiving each respective delete personal data request:
automatically using a data model to identify at least one computer storage location of the one or more computer storage locations on which first respective personal data associated with the respective data subject is stored, wherein:
the data model:
defines the at least one computer storage location utilized in the storage of a plurality of different items of personal data for each respective data subject as part of a processing activity;
stores information regarding respective storage locations of the plurality of different items of personal data for each respective data subject; and
comprises a respective data inventory for each of the one or more computer storage locations and maps one or more relationships between one or more aspects of each data inventory and the one or more computer storage locations; and
automatically using the data model to identify the at least one computer storage location comprises using a unique identifier associated with the respective data subject in combination with the data model to identify the at least one computer storage location as storing the first respective personal data associated with the respective data subject; and
at least partially in response to identifying the at least one computer storage location as storing the first respective personal data associated with the respective data subject, facilitating the deletion of the first respective personal data from the at least one computer storage location,
wherein using the unique identifier associated with the respective data subject in combination with the data model to identify the at least one computer storage location as storing the first respective personal data associated with the respective data subject comprises:
analyzing each respective data inventory to identify one or more data inventory attributes associated with each of the one or more computer storage locations; and
scanning the one or more data inventory attributes using the unique identifier to determine the at least one computer storage location.
Abstract
In particular embodiments, in response to a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; and (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems (e.g., by automatically assigning a plurality of tasks to delete data across multiple business systems to effectively delete the data subject's personal data from the systems).
19 Claims
10. A computer system for processing a request to delete personal data from a plurality of computing devices associated with a particular organization, the computer system comprising:
one or more computer processors;
computer memory embodied in one or more computer storage locations operatively coupled to the one or more computer processors that stores particular computer code, wherein the computer system is configured for:
receiving, by the one or more computer processors, a plurality of delete personal data requests, each delete personal data request being a request, from a respective data subject, to delete personal data associated with the data subject; and
at least partially in response to receiving each respective request of the plurality of requests:
automatically identifying, by the one or more computer processors, at least one computing device of the one or more computer storage locations on which the personal data associated with the respective data subject is stored, wherein identifying the at least one computing device comprises:
accessing, by the one or more computer processors, a data model defining:
at least one storage location where a plurality of pieces of personal data are stored as part of a processing activity;
at least one transfer location to which the plurality of pieces of personal data are transferred from the at least one storage location as part of the processing activity; and
using a unique identifier associated with the respective data subject, in combination with the data model, to identify the personal data associated with the respective data subject; and
in response to identifying, by the one or more computer processors, the at least one computing device on which the personal data associated with the respective data subject is stored, automatically facilitating deletion of the personal data associated with the respective data subject from the at least one storage location and the at least one transfer location, wherein:
the data model comprises a respective data inventory for each of the one or more computer storage locations and maps one or more relationships between one or more aspects of each data inventory and the one or more computer storage locations;
using the unique identifier associated with the respective data subject in combination with the data model to identify the personal data associated with the respective data subject comprises:
analyzing each respective data inventory to identify one or more data inventory attributes associated with each of the one or more computer storage locations; and
scanning the one or more data inventory attributes using the unique identifier to determine the at least one computing device of the one or more computer storage locations.
17. A personal data processing and deletion system comprising:
one or more processors;
one or more data assets that store a plurality of personal data associated with a plurality of data subjects, each piece of the plurality of personal data being associated with a respective particular processing activity of a plurality of processing activities undertaken by an organization; and
computer memory, wherein:
the computer memory stores one or more data models defining one or more data transfers among the one or more data assets; and
the data processing and deletion system is configured for:
receiving a first data subject request associated with a first data subject from a remote computing device, the first data subject request comprising a request to delete one or more first pieces of personal data from the personal data processing and deletion system, one or more first pieces of personal data being associated with the first data subject;
in response to receiving the first data subject request, identifying, based at least in part on the one or more data models and the plurality of processing activities undertaken by the organization, a respective storage location of each of the one or more first pieces of personal data on the one or more data assets; and
in response to identifying the respective storage location of each of the one or more pieces of personal data, automatically facilitating the deletion of each of the one or more first pieces of personal data from each respective storage location, wherein:
the one or more data models comprise a respective data inventory for each of the one or more data assets and maps one or more relationships between one or more aspects of each data inventory and the one or more data assets; and
the data processing and deletion system is further configured for using a unique identifier associated with the first data subject in combination with the one or more data models to identify the one or more first pieces of personal data data subject comprises:
analyzing each respective data inventory to identify one or more data inventory attributes associated with each of the one or more data assets; and
scanning the one or more data inventory attributes using the unique identifier to determine the respective storage location of each of the one or more first pieces of personal data on the one or more data assets.
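The lookup recited in the abstract and in claims 1 and 10 (scan each data inventory's attributes with the subject's unique identifier, then queue deletion at the storage locations and at the transfer locations they feed) can be illustrated with the following added Python example, which is not code from the patent. The asset names, the `id_attribute` / `personal_attributes` inventory layout, and the sample records are constructed assumptions.

```python
# Hypothetical helper: builds one data-model entry (inventory + transfer map + records).
def asset(id_attr, personal, transfers, records):
    return {"inventory": {"id_attribute": id_attr, "personal_attributes": personal},
            "transfers_to": transfers, "records": records}


# Constructed sample data model; every name and value here is illustrative.
DATA_MODEL = {
    "crm_db": asset("email", ["name", "phone"], ["mail_vendor"],
                    [{"email": "Ana@Example.com", "name": "Ana", "phone": "555-0100"}]),
    "billing_db": asset("customer_email", ["card_last4"], ["archive"],
                        [{"customer_email": "bo@example.com", "card_last4": "4242"}]),
    # Third party that cannot be scanned: reachable only through the transfer map.
    "mail_vendor": asset("email", ["name"], ["archive"], None),
    "archive": asset("email", ["name"], [], []),
}


def locate(subject_id, model=DATA_MODEL):
    """Scan each inventory's identifier attribute for the subject's unique identifier."""
    wanted = subject_id.strip().lower()  # normalise so case/whitespace cannot hide a match
    hits = []
    for name, entry in model.items():
        id_attr = entry["inventory"]["id_attribute"]
        for record in entry["records"] or []:
            if str(record.get(id_attr, "")).strip().lower() == wanted:
                hits.append(name)
                break
    return hits


def plan_deletion(subject_id, model=DATA_MODEL):
    """One deletion task per storage location and per downstream transfer location."""
    tasks = {}
    queue = [(name, "storage") for name in locate(subject_id, model)]
    while queue:
        name, role = queue.pop(0)
        if name in tasks:  # already planned; this also terminates transfer cycles
            continue
        inv = model[name]["inventory"]
        tasks[name] = {"asset": name, "role": role, "match_on": inv["id_attribute"],
                       "delete": inv["personal_attributes"]}
        queue += [(target, "transfer") for target in model[name]["transfers_to"]]
    return list(tasks.values())
```

Transfer locations receive a task even when they cannot be scanned directly, because the data model records that the subject's data was sent there.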
Specification