System Profile Pages
The new System Profile Page (previously Inventory System Report) is a home base for systems, where you can leverage a variety of capabilities including managing business processes and use cases, risk assessments, and more!
About Section
To help you gain a better understanding of detected systems in your inventory, the system profile will contain important information such as a system description, company URL, and other resources, when available.
System Details
Additional details are included here to help you better understand the processing use cases. For more information on System Details, please refer to our System Inventory documentation.
- Risks: This column surfaces specific risk criteria based on standard use cases of a system. This list is continuously updated to help you surface risk across your system inventory.
- Last Updated: When a System Profile page was last edited.
- Source: The way in which this system was added into your Inventory.
- Description: When available, DataGrail will include a description of the system to help you quickly get acquainted with what processing activities are commonly associated with the system.
  - You can override the existing text with custom descriptions that capture your organization's unique use case of that system.
- Resources: When available, DataGrail will include links to the system's privacy policy or subprocessor URL.
  - The subprocessor URL is how we source "AI subprocessors," which is one of the criteria used to flag "AI Detected" risk.
Contacts
In this section, you will be able to see and manage relevant contacts associated with this system or with your overall privacy program.
- Data Protection Officer or Data Controller: In Settings, you can add the contact information for your organization's Data Protection Officer (DPO) and Data Controller.
  - The DPO and the Data Controller will be included in the Contacts section for each system by default.
- System Contacts: You can also add specific contacts for each system if your organization has distinct owners for each system.
Learn more about how to manage your contacts here.
System Overview
DataGrail Instant Risk Categories pre-populate system metadata based on the most common use cases of that system. This helps you understand which systems are more likely to have privacy risk based on the personal data they process and associated use cases.
You can verify and update the default metadata by updating the default report or creating a new Business Process Report to capture your organization's unique use cases.
Personal Data Categories
Personal Data, also called personal information or PII, is information relating to an identified or identifiable natural person.
If a system has any of the below categories, we will also show that the system contains Sensitive Personal Information within the report:
- Political Affiliations
- Religious Beliefs
- Philosophical Beliefs
- Race or Ethnicity
- Sexual Orientation
- Health Data
- Biometric Data
- Criminal History
- Credit or Financial Data
- Trade Union and Membership Information
- Personal Identification (ID) Numbers (License, Social Security, State ID Cards, Passports)
Data Subjects
A Data Subject is a natural person who can be identified, directly or indirectly, using various online and offline identifiers, characteristics or inferences. Specific legal definitions vary.
Processing Purposes
Processing refers to any operation that is performed on personal data, such as collection, recording, storage, alteration, use, transmission, or erasure.
Additional Details
Depending on your organization's goals and reporting requirements, you can choose to add additional details regarding the system's processing of personal data.
Default fields include:
- Legal Roles: The legal relationship between your company and the given system.
- Legal Basis: Lawful grounds for processing data from the system and the applicable countries.
- Processing Countries: The locations where personal data is being processed or stored.
- Personal Data Origins: Personal data origins refers to how the personal data was originally collected for the system named in the report.
- Data Distribution: Data distribution refers to personal data transferred from the system named in the report to other systems in your inventory.
- Data Subject Consent Origins: Where consent is the legal basis, the methods by which valid consent is obtained. Consent refers to any freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of their personal data.
- Protective Measures: Protective measures refer to any steps taken to safeguard data.
- Additional Questions: Additional information relevant to this system.
  - Ask your Customer Success Manager or reach out to support@datagrail.io to add custom questions.
Updating Your System Overview
DataGrail's Intelligence Library leverages first and third party data powered by AI to pre-populate systems metadata based on the most common use cases of that system. This helps you understand which systems are more likely to have privacy risk based on the personal data they process and associated use cases.
While we have captured standard processing use cases for each system, you can customize the System Profile Page to reflect your organization's specific use cases.
Learn More About Managing Business Processes and Editing System Profiles
Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.