Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.

Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.

Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.

Abstract: A consent receipt management and data processing system may be configured to provide a centralized repository of consent receipt preferences for a plurality of data subjects. In various embodiments, the system is configured to provide an interface to the plurality of data subjects for modifying consent preferences and capture consent preference changes. The system may provide the ability to track the consent status of pending and confirmed consents. In other embodiments, the system may provide a centralized repository of consent receipts that a third-party system may reference when taking one or more actions related to a processing activity.

Abstract: In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.

Abstract: In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: In various embodiments, a system may be configured to analyze data for a particular consent capture point to identify a change in consent capture rate from the capture point. The system may, for example, be configured to automatically detect that the system has stopped receiving consent records from a particular capture point. In such embodiments, the system may be configured to generate an alert, and transmit the alert to any suitable individual (e.g., privacy team member, IT department member, etc.) regarding the capture point. The system may, for example, enable an entity to identify one or more capture points that may have become non-functional (e.g., as a result of one or more changes to the capture point).

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.

Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating customized user interfaces. In accordance with various aspects, a method is provided that comprises: providing a content generation interface that includes control elements for selecting interactive content; receiving, via the control elements, a selection of a set of webpages comprising the interactive content; configuring, based on the selection, the interactive content to be displayed via browser tabs by: including a set of object identifiers, wherein each object identifier represents a corresponding webpage that is to be displayed via a browser tab; and transmitting an instruction to a browser application executing on a target device causing the browser application to launch browser tabs to display the interactive content by displaying the corresponding webpage via a browser tab of the browser tabs.

Abstract: Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems.

Abstract: In particular embodiments, an Orphaned Data Action System is configured to analyze one or more data systems (e.g., data assets), identify one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization, and notify one or more individuals of the particular organization of the one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for determining clusters of similar digital documents using unique document signatures. Specifically, the disclosed system processes digital text in a digital document to tokenize character strings (e.g., words) in the digital document by combining a subset of character values and string lengths in the character strings. Additionally, the disclosed system generates a document signature for the digital document by combining subsets of tokens generated for the digital document into a token sequence indicative of the digital text in the digital document. The disclosed system determines a cluster of similar digital documents including the digital document by comparing the document signature of the digital document to document signatures corresponding to a plurality of digital documents.

Abstract: Embodiments of the present invention provide methods, systems, and/or the like for versioning a graph representation in a graph data structure. In accordance with one embodiment, a method is provided comprising: conducting a plurality of iterations involving: validating a first data source comprising a new version of data based on a schema from a plurality of schemas in which each schema corresponds to a graph representation found in a graph data structure; and identifying errors in the first source based on the validating of the source; identifying an applicable schema as a schema producing fewer errors than at least one other schema; comparing the first source with a second source comprising a previous version of the data to identify a difference; generating a query for the difference based on the applicable schema; and providing the query for execution to migrate the difference into the graph representation.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining a categorization for each tracking tool that executes on a particular webpage based on a variety of criteria, such as the purpose of the tracking tool and its source script. The system may compare the characteristics of tracking tools on a webpage to a database of known tracking tools to determine the appropriate categorization. When a user visits the webpage, the system analyzes these categories and determines whether the tracking tool should be permitted to run based on the categories and/or other criteria, such as whether the user has consented to the use of that type of tracking tool.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).