Abstract: Examples of detecting whether a device meets an enrollment level are disclosed. In one case, a method for providing access to an application on a client device includes receiving a request to access an application from the client device, determining an enrollment level associated with the application, and determining that multi-factor authentication is required for access to the application on the client device based on the enrollment level associated with the application. The method can also include initiating multi-factor authentication on the client device before access to the application is permitted. The method can also include determining that multi-factor authentication is successful on the client device, transmitting a management component to the client device, and installing the management component on the client device for enrollment as a managed device with a management service.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include any entity that collects, processes, contains, and/or transfers personal data (e.g., a software application, database, website, server, etc.). A data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc. The system may then utilize the generated model to fulfil a data subject access request.

Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.

Abstract: A consent receipt management and data processing system may be configured to provide a centralized repository of consent receipt preferences for a plurality of data subjects. In various embodiments, the system is configured to provide an interface to the plurality of data subjects for modifying consent preferences and capture consent preference changes. The system may provide the ability to track the consent status of pending and confirmed consents. In other embodiments, the system may provide a centralized repository of consent receipts that a third-party system may reference when taking one or more actions related to a processing activity.

Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.

Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.

Abstract: Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.