Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

Abstract: A centralized data repository system, in various embodiments, is configured to provide a central data-storage repository (e.g., one or more servers, databases, etc.) for the centralized storage of personally identifiable information (PII) and/or personal data for one or more particular data subjects. In particular embodiments, the centralized data repository may enable the system to populate one or more data models (e.g., using one or more suitable techniques described above) substantially on-the-fly (e.g., as the system collects, processes, stores, etc. personal data regarding a particular data subject). In this way, in particular embodiments, the system is configured to maintain a substantially up-to-date data model for a plurality of data subjects (e.g., each particular data subject for whom the system collects, processes, stores, etc. personal data).

Abstract: An automated process blocking system may be configured to automatically block one or more processes based on received user consent data. For example, a particular data subject may provide consent for an entity to process particular data associated with the data subject for one or more particular purposes. The system may be configured to: (1) determine that one or more entity systems are processing one or more pieces of personal data associated with a data subject; (2) identify at least one process for which the one or more pieces of personal data are being processed; (3) determine, using a consent receipt management system, whether the data subject has provided consent for the processing of the one or more pieces of personal data for the at least one process; and (4) in response to determining that the data subject has not provided valid consent, automatically blocking the processing.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).

Abstract: In various embodiments, a system may be configured to analyze data for a particular consent capture point to identify a change in consent capture rate from the capture point. The system may, for example, be configured to automatically detect that the system has stopped receiving consent records from a particular capture point. In such embodiments, the system may be configured to generate an alert, and transmit the alert to any suitable individual (e.g., privacy team member, IT department member, etc.) regarding the capture point. The system may, for example, enable an entity to identify one or more capture points that may have become non-functional (e.g., as a result of one or more changes to the capture point).

Abstract: In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.

Abstract: In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.

Abstract: In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.

Abstract: A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.

Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

Abstract: A Data Processing Risk Remediation System may be configured to: (1) access risk remediation data for an entity that identifies suitable action(s) to remediate a risk in response to identifying one or more data assets of the entity that may be affected by potential risk trigger(s); (2) receive an indication of an update to the one or more data assets; (3) identify one or more updated risk triggers for the entity; (4) analyze the one or more potential updated risk triggers to determine a relevance of a risk posed to the entity by the one or more updated risk triggers; (5) use one or more data modeling techniques to identify one or more data assets associated with the entity that may be affected by the risk; and (6) update the risk remediation data to include the one or more actions to remediate the risk.

Abstract: In various embodiments, a data subject request fulfillment system may be adapted to prioritize the processing of data subject access requests based on metadata of the data subject access request. For example, the system may be adapted for: (1) in response to receiving a data subject access request, obtaining metadata regarding the location from which the data subject access request is being made; (2) using the metadata to determine whether a priority of the data subject access request should be adjusted based on the obtained metadata; and (3) in response to determining that the priority of the data subject access request should be adjusted based on the obtained metadata, adjusting the priority of the data subject access request.

Abstract: In particular embodiments, a computer-implemented data processing method for responding to a data subject access request comprises: (A) receiving a data subject access request from a requestor comprising one or more request parameters; (B) validating an identity of the requestor by prompting the requestor to identify information associated with the requestor; (C) in response to validating the identity of the requestor, processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; and (D) taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.

Abstract: Data processing computer systems, in various embodiments, are adapted for: (1) presenting a threshold privacy assessment that includes a first set of privacy-related questions for a privacy campaign; (2) receiving respective answers to the first set of questions; (3) using this initial set of answers to calculate an initial privacy risk score for the privacy campaign; (4) determining whether the privacy risk score exceeds the threshold privacy risk value; (5) in response to the privacy risk score exceeding the threshold privacy risk value, providing one or more supplemental questions to the user to facilitate the completion of a full privacy impact assessment. In some embodiments, in response to determining that the privacy risk score does not exceed the threshold privacy risk value, the systems and methods provide an indication that the particular privacy campaign is a relatively low privacy campaign.

Abstract: In various embodiments, a Consent Refresh, Re-Prompt, and Recapture System is configured to interface with a Consent Receipt Management System in order to, for example: (1) monitor previously provided consent by one or more data subjects that may be subject to future expiration; (2) monitor a data subject's activity to anticipate the data subject attempting an activity that may require a level of consent (e.g., for the processing of particular data subject data) that is higher than the system has received; and/or (3) identify other changes in circumstances or triggering events for a data subject that may warrant a refresh or recapture (e.g., or attempted capture) of a particular required consent (e.g., required to enable an entity to properly or legally execute a transaction with a data subject). The system may then be configured to automatically refresh, re-prompt for, and/or recapture consent as necessary.

Abstract: Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.

Abstract: A data processing system, according to various embodiments, may receive a data subject access request that includes a request to delete personal data of a particular data subject, modify personal data of the data subject, and/or provide personal data of the data subject. At least partially in response to receiving the data subject access request, the system may determine whether the data subject access request was initiated by an automated source. At least partially in response to determining that the data subject access request was initiated by an automated source, the system may automatically take at least one action to have the data subject access request reinitiated by a human source. At least partially in response to determining that the data subject access request was initiated by a human, the system may automatically facilitate the fulfillment of the data subject access request.

Abstract: A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

Abstract: In particular embodiments, an Orphaned Data Action System is configured to analyze one or more data systems (e.g., data assets), identify one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization, and notify one or more individuals of the particular organization of the one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization.