Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include any entity that collects, processes, contains, and/or transfers personal data (e.g., a software application, database, website, server, etc.). A data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc. The system may then utilize the generated model to fulfill a data subject access request.
Type: Grant
Filed: June 1, 2018
Date of Patent: January 15, 2019
Assignee: OneTrust, LLC
Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.
Type: Grant
Filed: February 12, 2018
Date of Patent: January 8, 2019
Assignee: OneTrust, LLC
Inventors: Kabir A. Barday, Jonathan Blake Brannon
Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.
Abstract: Responding to a data subject access request includes receiving the request and validating an identity of the requestor. In response to validating the identity of the requestor, a computer processor determines whether the data subject access request is subject to fulfillment constraints. If so, then the computer processor notifies the requestor that the data subject access request is subject to one or more limitations and the computer processor takes action based on those limitations. Fulfillment constraint data is updated and maintained in a database or server.
Type: Grant
Filed: August 3, 2018
Date of Patent: January 1, 2019
Assignee: OneTrust, LLC
Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
Abstract: Data processing systems and methods for receiving data regarding a plurality of data privacy campaigns and for using that data to calculate or modify a relative risk associated with the campaign based on the received data. In various embodiments, the system may be adapted to: (1) receive processing activity data input by users via a software application presented on a graphical user interface for one or more privacy campaigns; (2) automatically assess and display a relative risk associated with each campaign; (3) provide a software application via which a user may provide one or more inputs, for example, capture an image; and (4) automatically update the relative risk for the campaign based on the information provided in the one or more inputs. In some embodiments, the system is configured to enable a user, via the software application, to view information related to the privacy campaign, modify that data, etc.
Abstract: Data processing computer systems, in various embodiments, are adapted for: (1) presenting a threshold privacy assessment that includes a first set of privacy-related questions for a privacy campaign; (2) receiving respective answers to the first set of questions; (3) using this initial set of answers to calculate an initial privacy risk score for the privacy campaign; (4) determining whether the privacy risk score exceeds the threshold privacy risk value; (5) in response to the privacy risk score exceeding the threshold privacy risk value, providing one or more supplemental questions to the user to facilitate the completion of a full privacy impact assessment. In some embodiments, in response to determining that the privacy risk score does not exceed the threshold privacy risk value, the systems and methods provide an indication that the particular privacy campaign is a relatively low privacy campaign.
Abstract: In various embodiments, a privacy campaign data modification system is configured to store one or more electronic messages in memory and associate those electronic messages with a particular processing activity. The system may be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from one territory to another as part of the processing activity. If so, the system may update a risk level associated with the processing activity to reflect the cross-border transfer. The system may also be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from a party inside a particular organization to a party outside the organization. If so, the system may update the risk level associated with the processing activity to reflect the transfer of the personal data out of the organization.
Type: Grant
Filed: February 12, 2018
Date of Patent: January 1, 2019
Assignee: OneTrust, LLC
Inventors: Kabir A. Barday, Jonathan Blake Brannon
Abstract: Data processing systems and methods, according to various embodiments, perform privacy assessments and monitor new versions of computer code for updated features and conditions that relate to compliance with privacy standards. The systems and methods may obtain a copy of computer code (e.g., a software application or code associated with a website) that collects and/or uses personal data, and then automatically analyze the computer code to identify one or more privacy-related attributes that may impact compliance with applicable privacy standards. The system may be adapted to monitor one or more locations (e.g., an online software application marketplace, and/or a specified website) to determine whether the application or website has changed. The system may, after analyzing the computer code, display the privacy-related attributes, collect information regarding the attributes, and automatically notify one or more designated individuals (e.g.
Abstract: In various embodiments, a data map generation system is configured to: (1) enable a user to specify one or more criteria; (2) identify one or more data flows based at least in part on the one or more specified criteria; (3) generate a data map based at least in part on the identified one or more data flows; and (4) display the data map to any suitable individual (e.g., the user). In particular embodiments, the system is configured to display all data flows associated with a particular organization that are stored within the system. In other embodiments, the system is configured to display all data flows that are associated with a particular privacy campaign undertaken by the organization.
Abstract: Data processing systems and methods for: (1) receiving from a first set of users, respective answers for question/answer pairings regarding a product's proposed design; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying the plurality of question/answer pairings to a second set of users; (4) receiving recommended steps to be implemented, before the product's implementation date, as part of the design of the product to address any privacy-related concerns identified in the initial privacy impact assessment; and (5) after the tasks have been completed, generating a report documenting that: (a) the initial privacy assessment has been conducted for the product; (b) one or more revisions have been made to the product to facilitate the compliance of the product with the one or more privacy standards; and (c) an updated privacy assessment has been conducted for the product.
Abstract: A domain scanning and website analysis system may be utilized to determine whether an entity is registering one or more websites maliciously in the name of a particular organization (e.g., or using a particular brand name, trademark, or other protected name of the organization). The system may be configured to: (1) scan a plurality of web domains to identify a particular name or variation thereof; (2) perform a registry lookup for any identified web domains that include the particular name; (3) determine based on registration information determined from the registry lookup, whether the identified domain or sub-domain is registered to a potentially malicious entity; (4) scan one or more webpages in the identified domain to determine content; and (5) determine, based on the determined content and whether the web domain is registered to a potentially malicious entity, whether to take action against the identified domain or sub-domain.
Abstract: A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or more sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy-related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.
Abstract: Data processing systems and methods, according to various embodiments, are configured for generating personal data inventories for an organization by: (1) conducting, by one or more computer processors, privacy impact assessments for each of the organization's new business initiatives, the privacy impact assessments including both data-mapping and non-data-mapping questions; (2) flagging, by one or more computer processors, any data-mapping questions within the privacy impact assessments as data-mapping questions; and (3) generating, by one or more computer processors, personal data inventories on-demand based on the flagged data-mapping data.
Abstract: Data processing systems and methods for: (1) receiving, via privacy data compliance software, from a first set of users, respective answers for question/answer pairings regarding the proposed design of a product; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying, via the privacy data compliance software, the plurality of question/answer pairings to a second set of users, and receiving recommended steps to be implemented as part of the design of the product; (4) initiating the generation of one or more tasks in project management software that would advance the completion of the recommended steps; and (5) after the tasks have been completed, generating, by the privacy data compliance software, an updated privacy impact assessment for the product that reflects the fact that the tasks have been completed.
Abstract: A system for identifying and determining whether a particular cookie may include personal data, in various embodiments, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.
Type: Grant
Filed: December 29, 2017
Date of Patent: July 3, 2018
Assignee: OneTrust, LLC
Inventors: Richard Beaumont, John Mannix, Kabir A. Barday, Jonathan Blake Brannon
Abstract: Data processing systems and methods for receiving data regarding a plurality of data privacy campaigns and for using that data to modify stored data associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depict key features of the data flow, such as whether data is confidential and/or encrypted; (2) automatically assess and display a relative risk associated with each campaign; and (3) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign. In some embodiments, the system is configured to provide a mobile application via which a user may view information related to the privacy campaign, modify that data, etc.
Abstract: Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depict key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
Abstract: Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depict key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.
Abstract: In various embodiments, a privacy campaign data modification system is configured to store electronic messages in memory and associate those electronic messages with a particular privacy campaign. In particular, a privacy officer or other individual may receive e-mails or other electronic messages that are associated with an existing privacy campaign or an existing privacy impact assessment currently being performed for a particular privacy campaign. In various embodiments, it may be necessary to store and maintain the electronic messages for any suitable reason (e.g., record keeping, auditing, etc.).