Abstract: In an implementation, a request for one or more attachments stored in an application document store is received from a requestor and by an application agent associated with an application. For each attachment identified in the request, the application agent: 1) requests the attachment from a data privacy integration (DPI) kernel service; 2) receives a download link to an attachment in the application document store; 3) downloads, using the download link, the attachment from the application document store; 4) informs the DPI kernel service that a download of the attachment is complete; and 5) receives a message from the DPI kernel service that the download link has been deactivated. The application agent returns the one or more attachments to the requestor.

Abstract: Systems and processes for managing access to personal data based on a purpose for storing the personal data are provided. In a method for managing personal data access, personal data for a data subject corresponding to a first data category is received, and an operation is executed in a purpose agent to associate one or more purposes to the personal data, where the one or more purposes are assigned to the first data category and include at least a first purpose. The personal data may be stored in a data storage system, and the stored personal data may be designated as being associated with the one or more purposes. Access to the personal data may be controlled based on the one or more purposes.

Abstract: Applications create log entries comprising data regarding operations performed by the applications. The log entries are provided to an audit-log service to allow auditing of the log entries. An audit-log sidecar for each application is used to send log entries to the audit-log service. The audit-log service may experience downtime. If the audit-log service is unavailable, the log entries are sent to one or more other audit-log sidecars for storage. When the audit-log service again becomes available, all audit-log sidecars send their stored log entries to the audit-log service. In this way, the audit-log service is enabled to determine if there is a discrepancy between log entries reported by an application and log entries reported for the application by other audit-log sidecars. As a result, an attack on an application will not go undetected, even if the attack occurs while the audit-log service is unavailable.

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining, by a data privacy integration service, a condition that has occurred from performing a data privacy integration protocol that indicates that a first object is to be redistributed to applications in a multiple-application landscape. Application responder group configurations are identified that group the applications into multiple redistribution responder groups for performing redistribution operations for an object type of the first object in response to redistribution requests. A redistribution command to redistribute the first object is sent to each application in a first redistribution responder group.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining, by a data privacy integration service, a condition that indicates that all applications in a multiple-application landscape are to attempt a blocking operation on at least one object as part of a data privacy integration protocol. Blocking responder group configurations are identified that group applications in the multiple-application landscape into multiple blocking responder groups for performing blocking operations in response to requests from the data privacy integration service. A blocking command to perform a blocking operation on the at least one object is sent to applications in a first blocking responder group. Blocking statuses are received from each of the applications in the first blocking responder group and a determination is made as to whether all received blocking statuses indicate successful completion of the blocking command.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes providing ticket details for a data privacy integration protocol to each application in a multiple-application landscape. Each application has a relevant object type list and is included in a particular voting responder group for providing votes for the data privacy integration protocol. A first voting work package is created that includes a first subset of object identifiers included in the ticket. A work package object list is generated for each application based on the first subset of object identifiers. Object identifiers are removed from the work package object list for an application that have an associated object type that is not included in the relevant object type list for the application. Votes for the protocol are received from the first set of applications for a second subset of object identifiers.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate a data privacy integration protocol for applications in a multiple-application landscape. Voting responder group configurations are identified that group the applications into multiple voting responder groups for performing voting for the protocol. A voting request for the protocol is sent to applications in a first voting responder group. Data privacy integration protocol votes are received from the applications in the first voting responder group and a determination is made as to whether any application in the first voting responder group provided a veto vote for the protocol. If at least one application in the first voting responder group provided a veto vote for an object, the protocol is ended for the object without sending a voting request to applications in a second voting responder group.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object of an object type. Target applications are determined that are allowed to process objects of the object type for at least one purpose, based on identified purpose information. An end-of-purpose query is provided to the target applications and an end-of-purpose status is received from each target application that indicates whether the application is able to block the object. The received statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each of the multiple applications that instructs a respective application to locally block the object.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. Aligned purpose disassociation applications are identified that are each configured to indicate whether the application can disassociate the purpose from the object instance. Other applications are identified that area each configured to indicate whether the application can block the object instance. A can-disassociate query is sent to each of the aligned purpose disassociation applications. A can-block query is sent to each of the other applications. Can-disassociate responses are received from the aligned purpose disassociation applications. Can-block responses are received from the other applications. An aligned purpose disassociation decision is determined based on the can-disassociate responses and the can-block responses.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving, from a requesting application in a landscape that includes a set of multiple applications, a data subject information request for a data subject. A set of target applications is determined from the set of multiple applications. The data subject information request is provided to each target application in the set of target applications. A data subject information response is received from each of the target applications. Each data subject information response includes application data for the data subject that was retrieved by a respective target application in response to the data subject information request. The received data subject information responses are aggregated to generate an aggregated data subject information response.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. A determination is made as to whether a timestamp is stored for the purpose and the object instance that indicates an earliest time that the purpose can be disassociated from the object instance. The request is accepted in response to determining that no timestamp is stored for the purpose and the object instance that is greater than the current time. A status request is sent to applications that requests a status response that indicates whether an application can disassociate the purpose from the object instance. Status responses are received from at least some of the applications. A disassociation decision for the purpose and the object instance is determined based on the received status responses.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes sending a block command for an object to each application in a multiple-application landscape that includes a master data distribution application. A blocking status is received from each application that indicates whether the application successfully blocked the object in response to the block command. An overall blocking status is determined based on the received blocking statuses. In response to determining that at least one application failed to block the object, an unblock command is sent to each application. An unblocking status is received from each application and an overall unblocking status is determined. In response to determining that at least one application failed to unblock the object, a redistribution request is sent to the master data distribution application to redistribute the object to applications that failed to unblock the object.

Abstract: Systems and methods include requesting, from a first application system, of a first one or more combinations of search parameters for identifying a data subject identifier of the first application system, transmission of a first query to the first application system including values of search parameters of a first one of the first one or more combinations of search parameters, the values associated with a first data subject, reception of a first data subject identifier of the first application system in response to the first query, transmission of a second query to the first application system including the first data subject identifier, and reception of data of the first application system associated with the first data subject identifier in response to the second query.

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

Abstract: Systems and methods include requesting, from a first application system, of a first one or more combinations of search parameters for identifying a data subject identifier of the first application system, transmission of a first query to the first application system including values of search parameters of a first one of the first one or more combinations of search parameters, the values associated with a first data subject, reception of a first data subject identifier of the first application system in response to the first query, transmission of a second query to the first application system including the first data subject identifier, and reception of data of the first application system associated with the first data subject identifier in response to the second query.

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

Abstract: A system for protecting personal data is disclosed. The system includes a general data privacy regulator module having a dataflow controller configured to monitor data communicated to and from one or more business applications, and having a retention engine configured to retain personal information from the data communicated to and from the business application according to at least one data privacy regulation. The system further includes a data privacy compliance module connected with the general data privacy regulator module, and configured with the data privacy regulation to monitor the dataflow controller and report to a client computer. The system further includes a data subject privacy request module connected with the general data privacy regulator module and the data privacy compliance module, and configured to receive one or more requests from the cloud computing platform about a data subject stored by the business application and generate an action based on the one or more requests.