System Profile Page
The new System Profile Page (previously Inventory System Report) provides an overview of standard data processing use cases for each system, helping you understand where personal data lives across your organization and surface risk.
Report Data Categories
Below the Data Processing Report, each connected system's report will appear in the left navigation. Each system will display:
Legal Roles
- The legal relationship between your company and the given system.
Contacts
- Contact information of employees or entities associated with the system.
Legal Basis
- Lawful grounds for processing data from the system and the applicable countries.
Data Subject
- A Data Subject is a natural person who can be identified, directly or indirectly, using various online and offline identifiers, characteristics or inferences. Specific legal definitions vary
Personal Data Categories
- Personal Data, also called personal information or PII, is information relating to an identified or identifiable natural person.
- If a system has any of the below categories, we will also show that the system contains "Sensitive Personal Information" within the ISR
- Political affiliations
- Religious beliefs
- Philosophical beliefs
- Race or ethnicity
- Sexual orientation
- Health data
- Biometric data
- Criminal history
- Credit or financial data
- Trade union and membership information
- Personal identification (ID) numbers — license, social security, state ID cards, passports
- If a system has any of the below categories, we will also show that the system contains "Sensitive Personal Information" within the ISR
Personal Data Origins
- Personal data origins refers to how the personal data was originally collected for the system named in the report.
Processing Purposes
- Processing refers to any operation that is performed on personal data, such as collection, recording, storage, alteration, use, transmission, or erasure.
Data Distribution
- Data distribution refers to personal data transferred from the system name in the report to other systems in your inventory.
Data Subject Consent Origins
- Consent refers to any freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of their personal data.
Protective Measures
- Protective measures refers to any steps taken to safeguard data.
Additional Questions
- Additional information relevant to this system
- Ask your Customer Success Manager or reach out to support to add custom questions
Customizing your System Profile Page
DataGrail’s Intelligence Library leverages first and third party data powered by AI to pre-populate system metadata based on the most common use cases of that system. We collect information that helps our customers prioritize systems with more privacy risk based on the personal data they process and associated use cases.
While we have captured standard processing use cases for each system, you can customize the System Profile Page to reflect your organization’s specific use cases.
You can make edits directly in the System Profile page and the edits will automatically save.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.