GDPR Compliance Software

The Simple GDPR Solution You've Been Looking For

Osano’s Privacy Platform can help you comply with the General Data Protection Regulation (GDPR). Osano gets you up and running quickly with capabilities for managing consent, templates and workflows for privacy assessments like Record of Processing Activity (RoPAs), automation for fast and accurate data subject access requests (DSARs), and more.

JOIN 1000+ Companies using Osano
THE BASICS

What Is the GDPR?

Not enough time to slog through the GDPR’s 99 different articles? Check out our primer below.

Am I Subject to the GDPR?

Unlike other data privacy laws, there are no minimum thresholds before a business is subject to the GDPR. If you handle EU residents’ data, regardless of where your business is located, then you’re subject to the GDPR.

Specifically, if you meet any of the following criteria, you can assume the GDPR applies:

  • You process EU citizens’ data and your business is based in the EU.
  • You offer goods or services to EU citizens.
  • You monitor the behavior of EU citizens.

The 7 Principles of the GDPR

It’s easy to get caught up in the letter of the law and forget its spirit. That’s why the text of the GDPR lays out seven principles that embody the ideal that businesses should strive for when processing personal data.

  • Lawfulness, fairness, and transparency: Processing data should abide by the law, treat data subjects fairly, and be transparent.
  • Purpose limitation: Only process data for a legitimate, specific purpose disclosed to the data subject.
  • Data minimization: Collect and use only the data necessary to complete the specified purpose.
  • Accuracy: Keep data accurate at all times.
  • Storage limitation: Only store personal data as long as necessary for the intended purpose. Afterwards, delete it.
  • Integrity and confidentiality: Protect data's security, integrity, and privacy.
  • Accountability: Be able to demonstrate compliance through detailed documentation, train staff well, implement security measures, and adopt contractual protections with third parties who handle data.

GDPR Requirements

As far as data privacy laws go, the GDPR is known for being highly protective of consumers. That means businesses have a lot of responsibilities to uphold when processing EU citizen data. Here are just a few GDPR requirements.

  • Collect, store, process, or sell data only after establishing a lawful basis for doing so—typically the data subject’s consent.
  • Secure consent that is freely given, specific, informed, and unambiguous.
  • Honor DSARs, such as requests to access, rectify, or erase data, within 30 days.
  • Notify all data subjects of a security breach within 72 hours of discovery.
  • Designate a data protection officer (under certain circumstances).
  • Conduct assessments like RoPAs and data protection impact assessments (DPIAs; under certain circumstances).
  • And more.

GDPR Enforcement

Each EU member state has its own data protection authority (DPA) that levies penalties and fines. They investigate complaints, provide advice on data protection issues, and determine when the GDPR has been breached. If one of these DPAs finds your business in violation of the GDPR, you could be fined the greater of:

  • 4% of annual global revenue
  • €20 million
GDPR COOKIE CONSENT

Manage Consent in Every GDPR Jurisdiction

When EU citizens visit your website, you need to provide the appropriate disclosures and consent options based on their local DPA. Osano detects the geolocation of EU visitors and automatically displays the relevant banner, blocking all data trackers until the visitor agrees to their use or to specific categories of data trackers.

One Line of JavaScript

Osano Cookie Consent is easy to implement, with just one line of JavaScript on your website.

Compliant Across the EU and UK

Display banners that comply with ever-changing member state laws in 42+ languages.

GDPR DATA SUBJECT RIGHTS

Manage DSARs at Scale

When a data subject makes a request under the GDPR, you have to meet that request within 30 days. Responding to DSARs takes time away from more strategic initiatives, and 30 days can go by pretty quickly if you experience a high volume of requests. Osano streamlines the subject rights request process, automates common request types, and enables a faster, more accurate workflow.

Process Access, Correction, Erasure Requests and More

Fulfill all requests related to GDPR data subject rights.

Automatically Fulfill Summary and Deletion Requests

With human verification for accuracy.

Discover Personal Information Across Disparate Data Stores

From our 100+ pre-built integrations, or easily integrate your own custom data stores for rapid data discovery.

GDPR VENDOR MANAGEMENT

Ensure Your Customers’ Data Is in Good Hands

Osano Vendor Privacy Risk Management can help you identify vendors who can give your customers’ data the protection it deserves. Osano helps you conduct required vendor assessments, tracks vendor privacy changes and new lawsuits, and generates a proprietary Vendor Score to help you assess privacy practices at a glance.

Assess Vendors at a Glance with Osano’s Vendor Score

Calculated via a 163-item proprietary ontology based on NIST and ISO standards.

Receive Alerts

For vendor lawsuits and privacy policy changes.

Use Template Vendor Assessments

To take a deep dive into your vendors’ existing processes and document your compliance efforts.

GDPR REPRESENTATIVE

Let Us Be Your Representative

When you work with Osano, we’ll serve as your required GDPR representative. Our subsidiary, Osano Compliance Services International, is based in Dublin, where our local team of privacy experts and attorneys are at your service to help with all EU-related issues.

Expert insights

Key Resources on All Things Privacy

Discover actionable compliance tips straight from our team of legal and privacy experts through our blogs, webinars, eBooks, guides, and more.

Data Privacy Laws: What You Need to Know in 2023

Your Action Plan for 2023’s State Data Privacy Laws

Why Mailgun switched to Osano

The GDPR Is Complex. Compliance Doesn’t Have to Be.

Simplify GDPR compliance with Osano. Let us show you exactly how easy meeting your GDPR obligations can be.