Data Privacy Buy-In: The Usual Suspects and What to Say to Them
Getting the business to say “yes” to data privacy isn’t easy. Yet it...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: July 12, 2023
Published: December 9, 2022
With more and more data privacy laws coming into effect with some form of subject rights as part of their regulation, companies need help processing data subject access requests (DSAR) now more than ever.
But receiving, responding to, and managing DSARs is easier said than done. When you process data from millions of people, a DSAR can feel like a daunting task. Luckily, there are ways to make handling these requests simpler.
In this article, we’ll cover the features of DSAR software and platforms and what organizations need to know to find the best one for their company.
According to most regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), data subjects have the right to:
The first step in exercising these rights is submitting a DSAR. Upon receiving such a request, organizations must respond as soon as possible by providing the person access to their personal data.
There are two exemptions:
Before discussing DSAR software options, let’s take a quick look at the steps needed in an ideal access request.
This is where a DSAR platform can help. We'll start reviewing the software options by discussing what organizations have used in the past and what's available to them now.
Now that you know what a DSAR is and what the process of responding to one could look like, it’s time to discuss DSAR software. When it comes to DSAR software, you have three options: using pre-existing tools( like spreadsheets and email), building your own solution, or buying one.
For many companies, their first foray into responding to DSARs is using tools they already have—like email for getting the initial request and communicating with data subjects and spreadsheets for tracking the request and tracking down the data itself. There are a lot of problems with this solution:
So, if you’re not using your pre-existing tools, what’s next? Building your own may sound like an affordable, more attractive alternative. You know your processes, and your company, so why not build an in-house DSAR platform that answers all of the issues listed above?
This option has its downsides. Firstly, you’ll need an entire team to build the product. You'll need IT and data specialists who can connect your new software to all of the available databases your company currently uses, as well as lawyers or privacy analysts who know the ins and outs of all the laws you need to comply with. Software built in-house will also need ongoing maintenance, not just from a functional point of view, but also to keep up with any legal changes.
In other words, building your own software isn’t always the best, the easiest, or even the cheapest solution.
A DSAR automation solution can save you a lot of trouble. Privacy management companies are focused on helping you stay compliant. They’ll be faster at keeping up with legal changes and usually, updates are included in the price.
But not every DSAR solution looks the same. There are a few features you should look for, such as:
The data subject access request software you choose can make up the difference between a successful process and one prone to errors (which put you at risk of being out of compliance). Here are some things you’ll need to remember as you consider the right software.
It may be tempting to think that once you have your DSAR software, it will do all the work for you. Yes, a good platform can automate a lot of processes and make things easier. But it can’t replace people altogether.
You should never give 100% control over the DSAR process. Try to keep an eye on things like verification, approval, and denial of requests and other places where human intervention may be necessary to ensure people can exercise their rights. Accidentally denying a DSAR might cost you millions of dollars, so don’t let your software make all the decisions.
A common mistake when using DSAR automation is failing to aggregate all the personal data you collect. So before using such a solution, take time to look at all the places where you store data and tie them in with your software.
Reading the previous two sections, you might start wondering if automation is worth it to begin with. Blindly relying on a DSAR platform can set you up for failure. But so can trying to do everything manually.
DSARs can be time-consuming. Finding a tool that can automate processes like taking requests, doing basic validation, acknowledging the request, and responding to basic access requests will be a real lifesaver.
It will make the process smoother and give you and your team time and space to focus on the more difficult part of the process: ensuring all data subjects can exercise their rights.
Under many regulations, such as the GDPR, allowing users to opt-out of things like profiling and automated decision-making is a must.
This can be one of the most challenging aspects of a DSAR. So as you’re setting up your privacy platform ask yourself—do potential or current customers have the option to opt-out of certain data processing activities? If the answer is no, you have some work to do.
DSARs allow people to exercise their rights to access, information, deletion, portability, and more. Any person can submit an access request at any time. Upon receiving a DSAR, an organization needs to respond as quickly as possible.
The DSAR process can seem difficult, but it doesn’t have to be. DSAR software can help you automate most of it and help you stay compliant with regulations worldwide by allowing data subjects to exercise their rights.
While DSAR solutions don’t replace human intervention, they allow you to focus on the most difficult parts of the process.
Osano’s unified Data Discovery and Subject Rights platform will help you automate data subject rights requests. Users can easily submit their requests while offering a simple way for you to verify their identity. Our DSAR software can also assign tasks to the appropriate people, and deliver all the results in the required timeframe. Sign up for a demo today.
If a customer asked for all the data your company has on them today, would you know what to do? Our ebook can help!
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.