PRIVACY IMPACT ASSESSMENT SYSTEM AND ASSOCIATED METHODS

摘要

A privacy impact assessment system [100] implements a method for data privacy compliance code generation. The system creates a legal architecture [107] from legal guidance [420] and a legal metadata test [430] associated with a jurisdiction of interest. The system creates a privacy architecture [108] from privacy guidance [520] and a privacy metadata test [530] (either process-level or transaction-level). Upon receipt of a data flow identifier [620], the system retrieves an associated privacy metadata test [530] from the privacy architecture [108]. If a relevant jurisdiction [660] from the privacy metadata test [530] matches the jurisdiction of interest of the legal metadata test [430], the system retrieves the legal metadata test [430] associated with the jurisdiction of interest from the legal architecture [107]. The system uses the privacy metadata test [530] and the legal metadata test [430] to determine an outstanding risk [690] to privacy information used by a data flow present in the privacy metadata test [530], and to create a privacy impact assessment report [697] highlighting the outstanding risk [690].