Product Updates

Boost Efficiency and Collaboration with Osano’s Integrated Assessment Tools

Imagine this: You’re knee-deep in a privacy impact assessment, trying to identify the most knowledgeable person in your organization to answer a series of complex questions about a particular data store and the purpose for processing personal information within that system. You send out emails, make phone calls, and chase down colleagues—only to find out that the person you need is on vacation or has moved to a different department. Once you finally track down the right person, you then have to manually replicate information from your data map into your assessment, ensuring all of the data matches perfectly. It’s time-consuming, frustrating, and prone to errors.  

This scenario is all too familiar for many privacy professionals. Performing privacy impact assessments (PIAs) and maintaining an up-to-date record of processing activities (RoPAs) simultaneously can be migraine-inducing, but with Osano’s integrated assessment and data mapping modules, these headaches become a thing of the past.  

Automatic Data Sync: Save Time and Ensure Accuracy 

Osano updates the data in your data map and assessments, so they're never out of sync with one another. Here’s how it works: If you fill out information on the data map, it automatically populates the corresponding fields on the assessment. Conversely, if you enter information on the assessment, it updates the data map. 

Why is this so beneficial?  

For starters, it eliminates redundant data entry. Any privacy pro will tell you that the repetition of questions between a RoPA, PIA, data protection impact assessment (DPIA), transfer impact assessment (TIA), and other assessment types is a major frustration. With this solution, you’re not wasting time inputting the same information twice. This not only saves time but also ensures consistency and accuracy across your privacy program. No more discrepancies between different parts of your system—everything is synced perfectly. 

Boost Efficiency and Accountability: Delegate Tasks and Foster Team Collaboration in Assessments 

Ensure the Right Person Handles Each Task with Smart Assignments  

One of the standout features of Osano Assessments is the automatic assignment of assessments to the owners of the systems in your data map.  

Instead of chasing down who’s responsible for a data store or who has the most information about its use in your organization, Osano simplifies the process. When it’s time to perform any kind of assessment involving that data, Osano handles the assignment process for you. When you select a data store for your assessment, Osano automatically assigns tasks to its designated owners using the information already populated in the data map.  

This automatic assignment isn’t just about convenience; it’s about efficiency and accountability. By ensuring the right person is responsible from the get-go, you’re cutting down on administrative tasks and making sure there’s clear ownership. This leads to faster, more accurate assessments and a smoother workflow overall. 

Delegate and Conquer Complex Assessments with Enhanced Collaboration Features 

Collaboration is key in any privacy program, and Osano Assessments shines here too. Once an assessment is assigned to a data store owner, they can delegate specific questions within the assessment to other team members or even external experts. This feature is a game-changer for several reasons. 

Firstly, it means the most knowledgeable person is answering each question. If a particular question falls outside the data store owner's expertise, they can easily assign it to someone who has the right knowledge. This leads to higher-quality, more accurate responses. 

Secondly, it fosters collaboration. Instead of one person shouldering the entire burden of an assessment, it becomes a team effort. This not only makes the process more manageable but also brings in diverse perspectives, improving the overall quality of your assessments. 

Engage Experts for High-Quality Assessments and Improved Privacy Program Participation  

Looping in the data store owner goes beyond efficiency and accountability. Involving the data store owner and other experts in the assessment process is a key advantage of the interoperability between Osano’s assessment and data mapping modules. When the most knowledgeable individuals contribute, the quality and reliability of responses improve significantly.  

Contending with complex data privacy regulations and technical data storage specifications require expertise. By ensuring the right people provide input, you enhance the credibility of your assessments, building a robust privacy program that withstands scrutiny. 

Collaborating with knowledgeable team members strengthens assessments and bolsters your privacy program. Involving non-compliance employees in the assessment process increases their understanding of privacy's impact on their roles.  

Automatically assigning assessments and involving others as needed helps employees see real-world applications of privacy policies. This engagement promotes better communication across departments, more conscientious data handling, and identification of potential compliance risks. Ultimately, it leads to stronger compliance and better data protection practices within the organization. 

So What Does This All Mean for You? 

By leveraging the integrations among Osano’s data mapping and assessment modules, Osano provides a more efficient, effective, and collaborative approach to managing your privacy program. If you’re looking to enhance your data privacy strategy, exploring these features in Osano’s platform is a great place to start. 

Ready to see it in action? Request a demo of Osano’s integrated modules today, and take the first step towards a more streamlined privacy management process. For more updates and tips on managing your privacy program, check out our latest articles or learn more about how Osano Assessments can help. Happy assessing! 

Availability

Privacy Assessments,  Product Updates

Navigating Google Consent Mode 2.0 with Osano

In March 2024, Google made a significant update to its consent management tools with the launch of Google Consent Mode 2.0. If you're using Google services, it's crucial to understand what this means for you and how Osano can help make the transition smooth and effective. 

Our partnership with Google highlights our commitment to simplifying data privacy management for businesses. Osano Cookie Consent integrates seamlessly with Google Consent Mode to capture and respect user preferences. This partnership not only streamlines compliance but also enhances the accuracy of your data for analytics and advertising. 

With Google Consent Mode 2.0, staying compliant and optimizing your data practices has never been more straightforward. Here's a detailed look at what Google Consent Mode is, what's new in version 2.0, and why it's essential for your business to upgrade. 

What Is Google Consent Mode? 

As of March 2024, Google introduced Google Consent Mode 2.0 to comply with EU regulations. If you use Google services and target European users, you may need to upgrade. 

What It Does 

Google Consent Mode lets you communicate your users’ consent choices made on cookie banners to Google tags or SDK. When that occurs, these tags can adjust their behavior and comply with users’ choices. As a result, you can respect user privacy choices when measuring conversions and remarketing users.  

What It Doesn't Do 

Consent mode does not provide a consent banner or widget. Instead, it interacts with your CMP (such as Osano Cookie Consent) to register user consent choices and dynamically adapt the behavior of analytics, ads, and third-party tags that create or read cookies.   

Do You Need It? 

You need to enable Google Consent Mode if you target users and you use:  

• Google Ads  

• Google Tag Manager  

• Google Analytics   

• GTag  

• Conversion Linker  

• Floodlight  

Without it, no data will be sent to your Google advertising platforms, which will adversely affect measurement, reporting, audience creation, and remarketing efforts.  

If you are an Osano user and need to integrate Google Consent Mode, you can do so in a few steps: here’s how.  

If you use Google Consent Mode and you do business in the EU, you may need to upgrade to Google Consent Mode 2.0. 

What's New in Google Consent Mode v2? 

Updated to Align with the Latest EU Regulations  

The original Google Consent Mode included two tag settings, which enabled users to communicate consent choices to Google tags that measure digital channel and advertising performance:   

• Analytics_storage: Does the user consent to their data being used for analytics?  

• Ad_storage: Does the user consent to their data being used for advertising?  

Permission is granted or denied via a site’s cookie banner.  

New Tag Settings for User Data and Personalization  

To comply with the Digital Markets Act in the EU, which went into effect in March 2024, Google Consent Mode 2.0 introduces two new tags:  

• Ad_user_data: Does the user consent to their personal data being used for advertising purposes?  

• Ad_personalization: Does the user consent to their data being used for remarketing?  

Do I Need to Upgrade to v2?  

You will need to upgrade to Google Consent Mode v2 if you:  

• Use Google Analytics, Google Ads, and Google Tag Manager  

• Use ad personalization and remarketing features 

• Target users in the European Economic Area (EEA)  

Importantly, publishers and developers using Google AdSense, Ad Manager, or AdMob are required to use a CMP that’s been certified by Google when serving ads to users in the European Economic Area or the UK.  

Google-approved CMPs undergo rigorous testing and approval for data handling, consent management, and privacy adherence. As a Certified Google CMP Partner, Osano’s team is here for any support and documentation you need to integrate Osano Cookie Consent with Google Consent Mode.  

Upgrade to v2 now. 

Additional Resources 

• Google+Osano Partner Page 

• Implementation Guide: Google Consent Mode v2 

• The Digital Markets Act  

Availability

Cookies & Consent,  Product Updates

Unveiling Osano's New AI Assessment Template

Artificial intelligence (AI) is transforming how businesses operate, providing unprecedented opportunities for innovation and efficiency. However, as our friendly neighborhood Spider-Man reminds us, with great power comes great responsibility—particularly regarding data privacy. 

AI's impact on business demands responsible usage, and even companies acting in good faith face the challenges of a growing regulatory environment and increased government scrutiny. Whether it’s the EU AI Act or Brazil and the EU calling out Meta for using personal information to train its AI without obtaining proper consent, AI risk and regulation is complex, evolving, and constantly moving. As a result, businesses must be proactive and ready for change. 

At Osano, we understand the critical need for businesses to navigate the complexities of data privacy in their AI initiatives. That’s why we’re thrilled to announce the launch of our new AI Assessment Template, an addition to our robust Osano Assessment module that’s designed to help businesses identify, document, and address potential data privacy issues associated with AI. 

Introducing the AI Assessment Template 

Our new AI Assessment Template builds on the success of the existing Assessment module, offering businesses a specialized tool to address the unique challenges posed by AI. Here’s how this template will enhance your data privacy efforts: 

Comprehensive AI Risk Identification 

AI technologies can introduce complex data privacy risks that traditional assessment tools might not fully capture. The AI Assessment Template is designed to help businesses identify these risks comprehensively. The assessment operationalizes the EU AI Act's risk-based approach by creating a granular checklist for each phase of the development lifecycle: planning, development, evaluation, operation, and retirement.  

Even if your use of AI is not strictly governed by the EU AI Act (which Osano’s AI Assessment Template can help you determine), using this operationalized framework helps identify and quantify your risk exposure. By considering factors such as the purpose for processing, what type of consent needs to be secured, data sources, processing methods, algorithmic transparency, and potential biases, the template ensures that no stone is left unturned in your risk identification process. 

Detailed Documentation 

Proper documentation is crucial for demonstrating compliance with data protection regulations. The AI Assessment Template serves as a means of documenting your AI-related data processing activities, the associated risks, and the mitigation measures you’ve implemented. This detailed documentation can be invaluable during regulatory audits and for maintaining transparency with stakeholders. 

For example, under the EU AI Act there are differing levels of risk associated with different kinds of AI models (which you can learn more about in our blog, What Is the EU AI Act? A Comprehensive Overview). Using Osano’s AI Assessment Template, privacy professionals can work with stakeholders across their organization to document whether and why the AI model in question falls into a particular risk category, such as a high-risk model that is subject to the strictest level of regulation applied to it. Not only does performing and documenting this analysis gives a firm basis on which to understand what actions you need to take to be compliant; it also helps to demonstrate compliance if a regulatory enforcement action takes place or if private litigation is instigated.  

Guidance for Tailored Mitigation Strategies 

Once you’ve identified potential risks, the next step is to identify and implement effective mitigation strategies. But mitigation can’t be divorced from the business needs. Privacy teams need to identify and build mitigation mechanisms that comply with regulations while helping ensure the needs of the business being supported or enhanced by AI are met. 

The AI Assessment Template enables privacy teams to build tailored recommendations that address the unique data privacy challenges posed by AI in their business. Creating tailored mitigation strategies and data protections ensures that your mitigation efforts are effective and compliant and that they’ll get implemented and adopted. 

Streamlined Workflow Integration 

At Osano, we recognize the challenges of integrating new tools into existing workflows. Our AI Assessment Template is designed to seamlessly blend with your current assessment and risk mitigation processes. With Osano Assessments, privacy teams can easily collaborate with other business units, ensuring that those with the most relevant knowledge contribute directly to the assessment.  

Having experts answer questions streamlines the process by providing accurate and detailed information from the start, reducing the need for follow-up clarifications. This approach provides the privacy team with the best information for making informed risk determinations and designing appropriate risk mitigation measures.  

Taken all together, Osano’s AI template and collaborative approach not only ensures comprehensive risk assessments but also significantly streamlines workflow integration, making Osano an invaluable tool for managing AI-related data privacy challenges effectively. 

Getting Started with the AI Assessment Template 

Ready to take your data privacy efforts to the next level? Getting started with the AI Assessment Template is easy. Simply log in to your Osano account and navigate to the Assessment module. From there, you can access the AI Assessment Template and begin conducting comprehensive risk assessments for your AI initiatives. 

If you’re new to Osano, now is the perfect time to join the thousands of businesses that trust our platform to manage their data privacy needs. Our user-friendly interface, comprehensive feature set, and dedicated customer support team make it easy to get started and achieve your data privacy goals. 

Learn more about Osano Assessments here or reach out to one of our experts to discuss how Osano can help your business meet the challenges and complexities of data privacy compliance. 

Availability

Privacy Assessments,  Product Updates

Compliance, Customized—Create Custom Assessments With Osano

Just like a master chef tailors a recipe to the tastes of their patrons, our latest feature allows you to customize your compliance efforts to suit your business needs perfectly.  

Osano is excited to unveil a significant enhancement to our compliance toolkit: Custom Assessments. This new functionality is designed to transform how businesses manage and execute their data privacy assessments, providing an unprecedented level of customization and efficiency. 

Tailored for Your Needs 

Custom Assessments allow you to craft templates that align with your organization's requirements. This capability ensures compliance with various global regulations, including the GDPR and CCPA; industry-specific requirements; as well as assessments for emerging technologies like artificial intelligence (AI). This customization goes beyond mere compliance—it enables your organization to handle data privacy with the precision and adaptability your organization needs and demands. 

Streamlined User Experience 

Setting up and managing assessments is made easier with Osano. After creating your custom templates, you can assign them directly from the Assessments section. The platform allows you to name your assessment, choose the appropriate template from your customized options, and manage the entire process within the Osano workflow. This streamlined approach not only saves time but also enhances the accuracy and effectiveness of your compliance efforts.  

Template Selection: Begin by accessing the "Templates" section within your Osano dashboard. Here, you can choose from pre-existing templates or create a new one to suit your specific needs. This initial step sets the foundation for the tailored assessments your organization requires, ensuring that each template meets your specific compliance needs. 

Customization and Evidence Collection: Customize your template by adding specific questions that align with your compliance goals. You can include a variety of response types, such as narrative answers or the option to upload evidence. This functionality is crucial for thorough documentation and verification of compliance, allowing respondents to provide both detailed explanations and tangible proof of their compliance practices. 

Review and Refinement: Before deploying your assessment, take advantage of Osano's preview feature to conduct a thorough review. This allows you to ensure that questions are clear and that the template effectively gathers all necessary information, including evidence submissions. Adjust the content, structure, or order of questions as needed to ensure clarity and compliance with regulatory requirements. 

Collaboration at Its Core 

Herding cats might seem easier than collaboratively managing a thorough compliance assessment, but Osano’s focus on collaboration streamlines this process beautifully. Assign assessments to internal stakeholders or invite external contributors to participate directly, ensuring that those who possess the most relevant and precise information are directly involved. This approach significantly enhances the accuracy of the data collected and thereby improves the reliability of your risk determinations. Our solution ensures that everyone is on the same page, making the assessment process as smooth as possible.  

Navigate the Future of Compliance with Confidence  

Osano's Custom Assessments represent the next step in the evolution of data privacy management—offering you an advanced level of personalization, accuracy, and ease that aligns with the dynamic nature of today's regulatory environment. With the ability to invite the most knowledgeable stakeholders to contribute, whether from within your organization or from external parties, the platform ensures your risk determinations are based on the most reliable information available. 

Discover more about how you can level-up your assessment process with Osano. 

Availability

Privacy Assessments,  Product Updates

Introducing Osano’s New Subject Rights Customization and Language Support

Get ready to elevate your subject rights experience with Osano! Designed to make your life easier while ensuring global compliance with local precision, Osano’s latest enhancements to Subject Rights streamline your workflows, help you connect more personally with your audience, and improve both compliance and the end-user experience. 

Automatic translations, bulk actions, and customized branding in privacy management tools represent a trifecta of efficiency, compliance, and reputation management. They allow privacy teams to operate more efficiently, meet regulatory requirements more effectively, and demonstrate a deep commitment to respecting and protecting user privacy. 

With these exciting advancements in mind, let's delve into the specific features we've rolled out and how they're set to transform your approach to subject rights management and compliance communications. 

🚀 Elevate Efficiency with Bulk Actions 

First off, we've given our Action Items page a complete makeover. The new and improved page now supports bulk action item assignment and completion. What does this mean for you? Efficiency at its best! Now, you can manage multiple action items with just a few clicks, saving you time and reducing manual effort. In Q1, Osano released the ability to handle action item assignments, complete requests with no results found, and bulk-reject or complete requests.   

🌍 Chatting in Every Language: Your “Tower of Babel” Moment

In our quest to make your interactions as smooth and personal as possible, we've introduced several updates to ensure your requester-facing communications resonate with your audience, no matter their language. Here’s what’s new: 

• Email and Secure Messaging Portal Translations: We’ve made it possible for requester-facing emails and the default content within the secure messaging portal to be automatically translated into the requester's language preference. Plus, you can now preview these translations on the Localization tab of the DSAR form. 
• Customizable Email and Webpage Content: With additional templates on the Templates tab, you have more freedom than ever to tailor the content of requester-facing emails and intake webpages. Whether a requester submits a request via email intake or is navigating the request process, your messages will always hit the right note. 
• Forms That Speak Fluent "You": To top it all off, forms are now automatically translated into the preferred language of the subject rights requester. This feature ensures that everyone, regardless of their language, can easily navigate and complete forms, making the request process as inclusive as it gets.  

In addition, Osano’s newly launched localization map within the Subject Rights module will let you preview the resulting emails and forms for a typical requestor from a given location. 

📝 Templates Galore: Your Style, Your Way  

We understand the importance of communication that not only informs but also reflects your unique brand voice. That's why we’ve expanded our Templates tab across the board. Whether it’s customizing emails for when a request is submitted, in progress, or even rejected, you have the creative freedom to ensure every touchpoint is perfectly aligned with your messaging. 

Why You’ll Love These Updates 

When you're handling global compliance with the precision of a local café's latte art, you're not just ticking boxes; you're building bridges. 

Embracing our latest updates transforms how you manage your privacy program, blending operational efficiency with an unwavering commitment to compliance. These enhancements ensure that your communications resonate across diverse audiences, breaking down language barriers and simplifying complex legal information into clear, accessible interactions. This shift not only streamlines your processes but also significantly bolsters your compliance posture across key regulations like the GDPR and CCPA.  

Streamlining the management of subject rights requests with automated translation and bulk action tools markedly boosts the privacy team's efficiency. This modern approach removes the need for time-consuming manual data entry and individual document handling, enabling a faster and more uniform response to requests. It catalyzes the team's ability to act promptly, reduces the likelihood of errors, and conserves valuable resources.  

Moreover, integrating your brand's unique identity into every communication not only ensures consistency across your privacy messaging but also builds trust with your users. 

Blending efficiency with a personal touch isn't just nice—it's essential. These updates are about more than just meeting the minimum requirements; they're about elevating your privacy practices to a level that places user respect and data protection at the core of your operations. This enhances your reputation and solidifies your position as a privacy-conscious organization in the eyes of users and regulators alike, while reducing the workload and potential risks introduced through manual efforts at maintaining a subject rights program. 

Availability

Product Updates,  Subject Rights Management

Meet the Osano Data Privacy Management Platform

Modern businesses and privacy programs can no longer manage privacy risk with point solutions. The problems are too numerous, the cost is too high, and the effort involved in orchestrating all of these different solutions is prohibitive. 

That’s why we're pleased to introduce the Osano Data Privacy Management Platform. 

This purpose-built privacy management platform empowers privacy professionals to navigate the complexities of global compliance, risk management, and privacy operations excellence. Crucially, the Osano Platform does so in a holistic manner that cuts down context switching, cost, and effort. Whether working on a single use case or building a whole program, Osano grows with an organization as its privacy programs mature.   

Here, you’ll learn why a platform approach to privacy is essential, how the Osano Platform addresses privacy challenges, and the features and capabilities you’ll benefit from as you navigate the modern privacy landscape. 

What Makes Privacy Risk a Hydra 

The more you look into data privacy compliance, the more you realize that it’s a multi-headed beast; solve one problem, and three more take its place. 

• Regulatory and operational complexity is overwhelming: Keeping up with privacy laws across jurisdictions is overwhelming for privacy professionals, let alone other business stakeholders. When they do understand requirements, operationalizing them is even more complex. Few organizations have their data mapped, and therefore, few organizations understand the location, purpose, and flow of data subject to privacy regulations. 
• Consumer trust is elusive: Even if you’re achieving compliance, it won’t matter much to consumers if they can’t sense your respect for their privacy. Nowadays, mistrust is the default. Winning consumer trust in this environment can be a huge edge—but it’s difficult to provide the consistent, transparent, and respectful experience that wins trust. 
• Existing tools lack scalability: It can be tempting to solve each new privacy challenge with a new tool or process. This approach, however, leads to a tangled nest of incomplete integrations, incompatible solutions, redundant workflows, and exhausting context switching. Ultimately, this means greater cost and slower operations while still suffering from high risk. 
• Risks abound: Data privacy risk isn’t just a matter of regulatory penalties. Organizations struggle to mitigate and manage risk associated with data breaches, where excess personal data collection makes your organization a more attractive target; M&A, where perceived risk could impact or outright stall an important deal; cyber insurance, where additional risk drives up premiums; and many other domains. 
• Resources are finite: Last but not least, businesses are struggling to manage all of these data privacy compliance challenges without breaking the bank. Businesses need an efficient solution to data privacy management—and working with a small galaxy of point solutions, spreadsheets, and manual processes is anything but efficient. 

How the Osano Platform Helps 

The Osano Data Privacy Management Platform offers a comprehensive suite of solutions that simplifies compliance, provides actionable clarity, and empowers privacy teams. The Osano Platform equips teams with the resources necessary to deeply comprehend their data and business operations, making Osano an essential element for timely, risk-aware, and operationally efficient decision-making. 

Equipped with the Osano Platform, you’ll gain capabilities related to consent management, data mapping, rights administration, comprehensive assessments, and vendor risk evaluation. Together, these solutions provide a holistic view of data movement within your organization across the data privacy lifecycle.   

Ultimately, this convergence of products solves the challenges faced by businesses and privacy teams struggling to achieve compliance: 

• Gain confidence and clarity in compliance management knowing that your teams can easily manage and update features like consent banners, subject rights request workflows, privacy assessments, and more for privacy regulations across the globe. 
• Earn user trust through centralized privacy policy publication tools, easy-to-use and understand subject rights portals, intuitive consent and preference management portals, and vendor management solutions that ensure you only work with organizations that can be trusted with your customers’ data.  
• Rest easy knowing that Osano scales with your organization, both as it expands territorially and as its data processing practices evolve. Automated capabilities help you keep your data map up to date as you add new systems, discover data to answer subject rights requests, deliver assessments, localize cookie consent banners and subject rights forms, and more. 
• Not only can you mitigate risk with Osano, but you can prove it too. Using Osano helps you demonstrate compliance with data privacy regulations; prove valid consents and changes to consents and preferences; identify what personal information is collected, where it flows, and assess why it’s processed; and ensure that vendors take care to ensure valid consent and deletion of data. 

Crucially, all of these capabilities function seamlessly together. Osano provides operational efficiency because its modules were designed to integrate with one another. The Osano Platform helps you do more with less by reducing duplicative work and integrating solutions together. 

The Six Core Modules of the Osano Platform 

Whether working on a single use case or building a whole program, the Osano Platform grows with an organization as its privacy program matures, ensuring the success of every aspect of data privacy management. The Osano Platform features six modules designed to coordinate and address the major needs of a privacy program: 

• Cookie Consent: Achieve compliance without the legwork by automating consent management for data privacy laws in 50+ countries.  
• Unified Consent and Preference Hub: Simplify compliance, enhance privacy, and build trust with an intuitive, centralized system for managing consents and preferences across touchpoints.  
• Data Mapping: Know your data, inside and out, through automated visualization and classification of data stores, ensuring alignment with your privacy risk strategy. 
  
• Subject Rights Management: Process requests in less time with more confidence by automating subject rights workflows and data discovery  
• Assessments: Simplify and centralize assessments with built-in and custom templates for privacy evaluations.  
  
• Vendor Privacy Risk Management: Transition from insight to action by proactively identifying, tracking, and managing privacy risks.  

The Simple, All-in-One Data Privacy Platform 

The Osano Platform offers you a seamless, unified means of managing data privacy compliance that avoids the all too common “frankenstack” experience. Purpose-built for data privacy, it empowers privacy professionals to attend to their responsibilities without endless context switching or bottlenecking, and it helps align privacy with other stakeholders in the organization. 

Schedule a demo of the platform to find out what it feels like to manage your organization’s privacy needs in a holistic, scalable, efficient manner. 

Availability

Product Updates

Introducing Vendor Discovery

Before you can manage vendor risk, you first need to identify who your vendors are. But identifying vendors can present some unique challenges for privacy professionals. The people who know the most about an organization’s vendors tend to sit in IT or finance, but the privacy function most often reports into legal, compliance, or risk. This means privacy professionals must gather information manually by meeting with IT, finance, and line-of-business leaders to uncover who all the vendors are in an organization before the work of managing vendor risk can begin.  

This manual process is time-consuming, leading to inefficiencies and slow reactions to emerging risks. To eliminate this hassle and get you up and going faster, Osano is introducing Automated Vendor Discovery. 

The Value of Automation in Vendor Discovery 

The Osano Privacy Platform now offers several unique ways to automate the vendor discovery process. By using multiple modules in the platform together, you can gain an efficient method for automatically discovering vendors and adding them to your vendor inventory.

Once Osano Cookie Consent is installed on your website, it automatically scans your site to identify website tags like cookies, scripts, and iframes. Now, any vendors associated with these website tags are automatically added to your vendor inventory without any additional effort.

Similarly, Osano Subject Rights Management adds another layer of vendor discovery automation. As automated data stores are added to the system, any associated vendors are added to your vendor inventory, as well. This integrated approach ensures a unified vendor workflow across the platform, enhancing the efficiency of vendor discovery and management.

Assessing Vendor Risk Accurately 

Once you have an inventory of your vendors, you can use Osano Vendor Privacy Risk Management to identify high-risk vendors and monitor vendor privacy posture over time.

Osano assesses vendors against high standards using a model with 163 privacy criteria and produces objective numeric scores so you can spot potential risks at a glance. With a dataset of over 11,000 vendors and growing, you can be confident Osano has got you covered.

Accelerate new vendor selection by rejecting low-score vendors outright and save time by conducting lightweight evaluations on high-scoring vendors without the need for a full, in-depth assessment. 

Then, you can monitor vendor privacy posture over time. Osano’s team of global privacy experts keeps a vigilant watch over vendor privacy practices and continually updates the vendor score dataset to reflect the latest regulations and vendor practices. Osano tracks changes in vendor risk scores, policy updates, and legal activity and notifies you to stay ahead of potential threats.

Streamlining Vendor Privacy Risk Management 

Osano Vendor Discovery is designed to simplify Vendor Privacy Risk Management. It removes the necessity for manual uploads and unnecessary coordination, enabling privacy professionals to focus on critical tasks. Now, managing risk and protecting privacy becomes a more efficient process.

Get started now by visiting the docs to learn more.  

Availability

Vendor Privacy Risk

Introducing Osano Automated DSAR Summaries and Deletion

Processing data subject access requests (DSARs) is a core part of every privacy program. From GDPR in Europe to the slew of new laws passed in the US and around the world, almost every privacy regulation includes provisions for the rights of the data subject (the person whose data is being collected and processed).

And yet, most businesses are still processing DSARs manually using email and spreadsheets. According to Gartner, manually processing a subject rights request costs an average of $1400 USD[1]. Today, we’re pleased to announce Osano’s new automated DSAR summaries and deletion so you can process DSARs in less time with more confidence. 

Osano subject rights demo 

This demo video shows an end-to-end flow of Osano’s subject rights management solution including Osano’s new capabilities to automate data summaries and data deletion.

How does Osano’s automated subject rights feature work?

When a data subject makes a DSAR to an Osano customer, there are several points of automation that would otherwise be a manual process without Osano: 

1. Automated email intake
2. Automated email verification
3. Automated task assignment
4. Automated data store owner notification
5. Automated data summary (NEW!)
6. Automated data deletion (NEW!)
7. Automated data packaging (NEW!)

Read on to learn more about how Osano automates these processes for you.

Automated email intake

Osano provides DSAR forms out-of-box that are simple to add to your website with one line of code. Forms are the best way to capture subject rights requests as they ensure you have all the key information you need such as the requestor name, location (so you know which laws apply), and the type of request (summary of data, delete data, correction, etc.). 

But what about requests made to your email address that isn’t processed through your form?

These emails can be time-consuming to process and often require multiple back-and-forth emails to obtain all the necessary info. Often, a group inbox needs to be set up and coordinating between internal stakeholders on who will answer which email is difficult.

With Osano's automated intake, you get a forwarding address with each DSAR form you create. Osano will then process any emails sent to your address by replying with a link to fill out the correct information in the DSAR form. This ensures every request is complete and you don’t waste time processing requests that don’t have the necessary info.

Automated email verification 

Once Osano receives a request, the first thing it does is send an email verification. This helps in 3 ways:  

1. Reduces or eliminates spam from automated bots that aren’t real people. Bots don’t have rights—but people do. Osano makes sure you can do the right by respecting people’s right to privacy without getting bogged down by robot spam.  
2. Reduces or eliminates fraud from nefarious actors. These days, it’s very easy to spoof an email and pretend to be someone you’re not. These bad actors might want access to someone’s info they shouldn’t have, or they may be attempting to attack someone by trying to get their data deleted. Osano email verification makes sure you know the email address listed was verified by the owner of the account.  
3. Verifies identity (in many cases). For many organizations, email address is the unique identifier used in their system to represent a user. If you have a verified email, this is often enough to verify a user’s idenity and process their request. Osano does enable you to capture additional files and infomation in case you need more info to verify a user’s identity depending on the local laws and your internal policies.  

Automated task assignment

The next step in processing a DSAR is to gather a list of all of the data stores that could be holding personal information (PI) and all of the data store owners. These data store owners are the administrators who are able to search that data store and fulfill a subject right request.

With Osano, you only have to set up this information once, and then every DSAR that comes in gets processed according to the rules you pre-set. You can designate how each field in a data store should be processed when a DSAR comes in. For example, when a deletion request comes in, you may want to delete a user’s data from a CRM system, but you may want to only redact information in your financial system if local laws require you to keep the record for a period of time.

When each DSAR comes in, Osano automatically identifies all the data stores that apply to that request type, and for manual data stores, automatically assigns the data store owner a task to process the DSAR. (For automated data stores, Osano processes the request for you!)

Automated data store owner notification 

Once you’ve identified which data stores and which data store owners need to be part of a DSAR, you need to communicate with all of them. In a manual system, this can lead to a tedious chain of emails.

With Osano, each data store owner is automatically notified via email that they have a DSAR to process. They can log into Osano to see all of the relevant information, such as the data subject’s details along with any notes about the data store fields.

Then, data store owners can even upload files that can be automatically packaged up when all the processing is complete.

Automated data summary (NEW!)  

Osano has a large and growing list of SaaS integrations that can perform automated summaries. In this case, when a data subject requests a summary of their data, Osano will automatically search the SaaS app for the user’s PI and output a CSV file with the summarized information.

Using automated data stores, processing DSARs goes from being a complex, multiple-step task to being as simple as clicking a button. With one click, the data requests manager can mark an identity verified, and with one click, they can package and send all files to the data subject using Osano’s secure messaging portal.

Automated data deletion (NEW!)

Automated deletion works the same way as Osano’s automated summaries. As long as the SaaS app supports deleting data via its API, then Osano will automatically delete the PI and provide a CSV file summarizing all the data that was deleted to send to the requester.

If you’d like, you can test an integration first by enabling automated summaries to see what info would be deleted. Then, when you feel comfortable doing so, you can enable automated deletion so your data store owners no longer need to manually delete the data. Instead, you can let Osano automate the process.

Automated data packaging (NEW!)

The final step in processing a subject rights request is to send the data to the user and inform them the request has been completed. In the case of a summary or deletion request, this includes packaging up all of the CSV files from associated data stores into a single zip file and sending it to the user. Osano automatically gathers all files that are either auto-generated by the platform or uploaded by data store owners and lists them together for the data request manager to review. There’s also an option to upload additional files if the manager wishes to do so. Then, with the click of a button, all of the files are packaged together into one zip file and sent to the original requestor via Osano’s secure messaging portal.

How to get started with Osano DSAR automation 

Osano subject rights management is included in Osano’s Premier pricing plan. If you are an Premier plan customer today, you already have access to subject rights management. Visit the geting started guide along with the automation docs to learn how to set up DSAR automation for your organization.

If you are not yet an Osano Premier plan customer, reach out to our sales team to start a conversation about how Osano can save you time while allowing you to comply with privacy laws in 50+ countries around the world. 

[1] https://www.gartner.com/en/newsroom/press-releases/2020-02-25-gartner-says-over-40-percent-of-privacy-compliance-technology-will-rely-on-artificial-intelligence-in-the-next-three-years

Availability

Subject Rights Management