Data discovery of personal data in relational databases

What is claimed is: 1. A method for processing personal data from a plurality of data tables, each data table having columns of attributes and rows of records, the method comprising: generating a sample of data representing data contained in a column of a first data table; analyzing the sample of data to identify personal data; based on analyzing the sample of data, marking the first data table as containing the personal data; receiving a request to generate a record of personal data of a subject, the record of personal data corresponding to one of known types of personal data of the subject; determining that the column of the first data table contains the one of known types of personal data of the subject and that the column of the first data table contains a first key that references a second data table that is marked as containing the personal data; identifying a second key in a third data table that references the column of the first data table, the third data table being marked as containing the personal data; and in response to the request, generating the record of personal data of the subject based on data in the first data table, the second data table, and the third data table. 2. The method of claim 1 , wherein analyzing the sample of data to identify the personal data comprises: determining whether the sample of data matches a list of known types of personal data. 3. The method of claim 2 , wherein the list of the known types of personal data includes at least one of a name, personal identity information, a physical address, an email address, a phone number, financial information, investment information, medical information, a social networking post, an IP address, a MAC address, a domain name, or a device identifier. 4. The method of claim 2 , wherein determining whether the sample of data matches the list of the known types of personal data comprises: responsive to determining that the sample of data matches one of a dictionary of text strings, determining that the sample of data includes personal data; responsive to determining that a format of the sample of data matches one of a list of formats, determining that the sample of data includes personal data; and responsive to determining that the sample of data matches data of columns determined to contain personal data, determining that the sample of data includes personal data. 5. The method of claim 2 , wherein determining whether the sample of data matches the list of the known types of personal data comprises: generating an estimate of probability that the sample of data matches one of the list of the known types of personal data. 6. The method of claim 1 , wherein marking the first data table as containing the personal data is performed separate from responding to the received request. 7. The method of claim 1 , further comprising: determining a matching score that is greater than a threshold value based on the sample of the data. 8. The method of claim 1 , further comprising: determining a second set of data tables referenced by the first data table; determining a second set of rows in the second set of data tables, the second set of rows being referenced by a first set of rows in the first data table; and processing the data associated with the second set of rows in columns that are marked as containing personal data. 9. The method of claim 1 , further comprising: determining a second set of data tables referenced by the first data table; determining a second set of rows in the second set of data tables that reference the subject; and processing the data associated with the second set of rows in columns that are marked as containing personal data. 10. The method of claim 9 , further comprising: determining a third set of rows in the first data table, the third set of rows referencing the second set of rows in the second set of data tables; and processing the data associated with the third set of rows in columns that are marked as containing personal data. 11. The method of claim 1 , further comprising: determining a second set of data tables that reference the first data table; determining a second set of rows in the second set of data tables, the second set of rows referencing a first set of rows in the first data table; and processing the data associated with the second set of rows in columns that are marked as containing personal data. 12. The method of claim 1 , further comprising: determining a second set of data tables that reference the first data table; determining a second set of rows in the second set of data tables that reference the subject; and processing the data associated with the second set of rows in columns that are marked as containing personal data. 13. The method of claim 12 , further comprising: determining a third set of rows in the first data table, the third set of rows being referenced by the second set of rows; and processing the data associated with the third set of rows in columns that are marked as containing personal data. 14. The method of claim 1 , further comprising: constructing a graph representing relationships among the plurality of data tables that are associated with the personal data; and traversing the graph to expand processing of data from the first data table to tables that reference or are referenced by the first data table. 15. The method of claim 1 , further comprising: removing the data from the column that are marked as containing personal data. 16. The method of claim 1 , wherein processing the data comprises producing the data from the columns that are marked as containing personal data. 17. A system for processing personal data from a plurality of data tables, each table having columns of attributes and rows of records, the system comprising: one or more processors; and memory to store instructions that, when executed by the one or more processors perform operations comprising: generating a sample of data representing data contained in a column of a first data table; analyzing the sample of data to identify personal data; based on analyzing the sample of data, marking the first data table as containing the personal data; receiving a request to generate a record of personal data of a subject, the record of personal data corresponding to one of known types of personal data of the subject; determining that the column of the first data table contains the one of known types of personal data of the subject and that the column of the first data table contains a first key that references a second data table that is marked as containing the personal data; identifying a second key in a third data table that references the column of the first data table, the third data table being marked as containing the personal data; and in response to the request, generating the record of personal data of the subject based on data in the first data table, the second data table, and the third data table. 18. The system of claim 17 , the operations further comprising: determining whether the sample of data matches a list of known types of personal data. 19. The system of claim 17 , the operations further comprising: determining a matching score that is greater than a threshold value based on the sample of the data. 20. A non-transitory computer-readable medium storing instructions for processing personal data from a plurality of data tables, each data table having columns of attributes and rows of records, the instructions executable by a processor