Abstract: In particular embodiments, computer-implemented data processing, systems, and method configured to: receive a request to initiate a transaction between an entity and a data subject, generate (i) a consent receipt for the transaction comprising at least a unique subject identifier and a unique consent receipt key and (ii) a unique cookie to identify the data subject's transaction initiated by the data subject, store the consent receipt for the transaction and the unique cookie, receive a data subject access request from the data subject, verify an identity of the data subject based at least in part on the unique cookie process the request, process the request by identifying one or more pieces of personal data associated with the data subject, and taking one or more actions based at least in part on the data subject access request.

Abstract: In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.

Abstract: A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed privacy templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed privacy template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.

Abstract: Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.

Abstract: A centralized data repository system, in various embodiments, is configured to provide a central data-storage repository (e.g., one or more servers, databases, etc.) for the centralized storage of personally identifiable information (PII) and/or personal data for one or more particular data subjects. In particular embodiments, the centralized data repository may enable the system to populate one or more data models (e.g., using one or more suitable techniques described above) substantially on-the-fly (e.g., as the system collects, processes, stores, etc. personal data regarding a particular data subject). In this way, in particular embodiments, the system is configured to maintain a substantially up-to-date data model for a plurality of data subjects (e.g., each particular data subject for whom the system collects, processes, stores, etc. personal data).

Abstract: In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.

Abstract: In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: A data processing system, according to various embodiments, may receive a data subject access request that includes a request to delete personal data of a particular data subject, modify personal data of the data subject, and/or provide personal data of the data subject. At least partially in response to receiving the data subject access request, the system may determine whether the data subject access request was initiated by an automated source. At least partially in response to determining that the data subject access request was initiated by an automated source, the system may automatically take at least one action to have the data subject access request reinitiated by a human source. At least partially in response to determining that the data subject access request was initiated by a human, the system may automatically facilitate the fulfillment of the data subject access request.

Abstract: A chat robot may be used to facilitate interaction with a user in the determination of whether to initiate and process a data subject access request (DSAR). At a DSAR submission webpage, the chatbot may interact with a user to determine the information the user is in need of and/or the actions that the user may take. The chatbot may provide the information desired by the user, avoiding the processing overhead of submission and fulfillment of a DSAR. The chatbot may also facilitate completion of a DSAR on behalf of the user when needed.

Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).

Abstract: Data processing systems and methods, according to various embodiments, perform privacy assessments and monitor new versions of computer code for updated features and conditions that relate to compliance with privacy standards. The systems and methods may obtain a copy of computer code (e.g., a software application or code associated with a website) that collects and/or uses personal data, and then automatically analyze the computer code to identify one or more privacy-related attributes that may impact compliance with applicable privacy standards. The system may be adapted to monitor one or more locations (e.g., an online software application marketplace, and/or a specified website) to determine whether the application or website has changed. The system may, after analyzing the computer code, display the privacy-related attributes, collect information regarding the attributes, and automatically notify one or more designated individuals (e.g.

Abstract: In particular embodiments, an Orphaned Data Action System is configured to analyze one or more data systems (e.g., data assets), identify one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization, and notify one or more individuals of the particular organization of the one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.

Abstract: Computer-readable mediums, according to various embodiments, store computer-executable instructions for: (1) scanning computer code to determine what types of personal information the computer code collects or analyzes; (2) prompting a first one or more individuals for information regarding this aspect of the computer code (e.g., why the computer code is collecting the personal information); (3) communicating this information to a second set of one or more individuals; (4) receiving, from the second set of individuals, a recommended revision to the computer code that would facilitate the compliance of the computer code with one or more privacy standards; (5) facilitating the implementation of the revision; and (6) generating a report listing the one or more revisions that have been completed.

Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.