Abstract: A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

Abstract: A centralized data repository system, in various embodiments, is configured to provide a central data-storage repository (e.g., one or more servers, databases, etc.) for the centralized storage of personally identifiable information (PII) and/or personal data for one or more particular data subjects. In particular embodiments, the centralized data repository may enable the system to populate one or more data models (e.g., using one or more suitable techniques described above) substantially on-the-fly (e.g., as the system collects, processes, stores, etc. personal data regarding a particular data subject). In this way, in particular embodiments, the system is configured to maintain a substantially up-to-date data model for a plurality of data subjects (e.g., each particular data subject for whom the system collects, processes, stores, etc. personal data).

Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.

Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.

Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, determining whether a data subject engagement rating does or does not satisfy a criteria (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the data subject engagement rating does or does not satisfy a criteria, at least substantially automatically populating and/or submitting a data subject access request to an entity computing system via a public data network (e.g., to delete all personal information being processed by the entity).

Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.

Abstract: In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.

Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).

Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.