Abstract: Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.

Abstract: In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.

Abstract: Systems and methods are disclosed detecting whether calls to consent rejection functions originate with an automated tool or a human user. The system can determine that a calls to a consent rejection function are likely from an automated tool by determining that a rate and/or number of calls to a function exceeds a threshold and/or that the calls are received before the interface requesting user consent preferences has been rendered to the user. The system can also require that a function call include a token that an automated tool would not have knowledge of or access to and reject function calls without this token. The system can also use private consent rejection function calls with obfuscated names and/or provide a follow up consent rejections confirmation interface requiring human user input before process a consent rejection.

Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.

Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.

Abstract: Various examples for remotely controlling access to email resources are provided. In one example, one or more computing devices can be configured to provide, through an access control service, at least one user interface that enables creation of resource rules configured for use by the access control service in enforcement of one or more client devices in association with email resources. In response to input received through the at least one user interface of the access control service, the one or more computing devices can generate a resource rule that directs a client application on a client device to open an attachment of one of the email resources in an authorized secure container application.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In particular embodiments, a Data Transfer Risk Identification System may be configured to analyze one or more data systems (e.g., data assets), identify data transfers between/among those systems, apply data transfer rules to each data transfer record, perform a data transfer assessment on each data transfer record based on the data transfer rules to be applied to each data transfer record, and calculate a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record.

Abstract: System and methods are disclosed for redacting analyzing unstructured data in a request for data associated with a data subject to determine whether the unstructured data is relevant to the request. The relevancy of pieces of the unstructured data may be determined by determining a categorization for each such piece of unstructured data and comparing them to known personal data associated with the data subject having the same categorization. Pieces of the unstructured data that do not match known personal data having the same categorization are redacted from the request before the request is processed.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.

Abstract: In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.

Abstract: Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.

Abstract: A Data Subject Access Request (DSAR) Prioritization System, according to various embodiments, is adapted for (1) executing the steps of receiving a data subject access request (DSAR); (2) at least partially in response to receiving the DSAR, obtaining metadata associated with at least one of the DSAR or a data subject associated with the DSAR; (3) using the metadata to determine whether a priority of the DSAR should be adjusted based at least in part on the obtained metadata; and (4) in response to determining that the priority of the DSAR should be adjusted based at least in part on the obtained metadata, adjusting the priority of the DSAR.

Abstract: A method for scanning a website and tracking data subject interaction with the website, comprising: determining a data subject is interacting with a particular website; determining one or more website parameters associated with the particular website, the one or more website parameters associated with the particular website include scanning the particular website to determine website cookies that capture data subject information, and determining a website category of the particular website; determining a geo-location of the data subject when the data subject is interacting with the particular website; determining one or more data subject consent parameters based at least in part on the one or more website parameters associated with the particular website and the geo-location of the data subject when the data subject is interacting with the particular website; and applying the one or more data subject consent parameters to the data subject interaction with the particular website.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.