Abstract: A particular organization may undertake a plurality of different privacy campaigns, processing activities, etc. that involve the collection and storage of personal data. The system may be configured to collect customer satisfaction data, for example: (1) as part of a data subject access request submission form; (2) when providing one or more results of a data subject access request to the data subject; or (3) at any other suitable time. The customer satisfaction data may be collected in the form of a suitable survey, free-form response questionnaire, etc. (e.g., thumbs up vs. thumbs down, etc.). Additionally, by integrating a feedback survey with the data subject access request process, the system may increase a number of consumers that provide responses to the feedback survey. In particular embodiments, the system is configured to require the requestor to respond to the feedback survey prior to submitting the data subject access request.

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: Data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.

Abstract: In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.

Abstract: In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: In particular embodiments, an Orphaned Data Action System is configured to analyze one or more data systems (e.g., data assets), identify one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization, and notify one or more individuals of the particular organization of the one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization.

Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).

Abstract: An application privacy analysis system is described, where the system obtains an application and analyzes it for privacy related data use. The system may determine privacy related activities of the application from established sources of such data and/or may decompile the application and analyze the resulting code to determine the privacy related activities of the application. The system may execute the application and monitor the communications traffic exchanged by the application to determine privacy related activities of the application. The system may store the results of such analyses for future reference.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In particular embodiments, a Data Transfer Risk Identification System may be configured to analyze one or more data systems (e.g., data assets), identify data transfers between/among those systems, apply data transfer rules to each data transfer record, perform a data transfer assessment on each data transfer record based on the data transfer rules to be applied to each data transfer record, and calculate a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.

Abstract: A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.

Abstract: A consent receipt management and data processing system may be configured to provide a centralized repository of consent receipt preferences for a plurality of data subjects. In various embodiments, the system is configured to provide an interface to the plurality of data subjects for modifying consent preferences and capture consent preference changes. The system may provide the ability to track the consent status of pending and confirmed consents. In other embodiments, the system may provide a centralized repository of consent receipts that a third-party system may reference when taking one or more actions related to a processing activity.

Abstract: In particular embodiments, a Data Access Webform Crawling System is configured to: (1) identify a webform used to collect one or more pieces of personal data; (2) robotically complete the identified webform; (3) analyze the completed webform to determine one or more processing activities that utilize the one or more pieces of personal data collected by the webform; (4) identify a first data asset in the data model that is associated with the one or more processing activities; (5) modify a data inventory for the first data asset in the data model to include data associated with the webform; and (6) modify the data model to include the modified data inventory for the first data asset.

Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.