Product Updates

Introducing unified Data Discovery and Subject Rights

posted on July 20, 2022

There are many facets to running a compliant data privacy program, from understanding the ever-changing privacy regulatory landscape to managing user consent. Two key components of complying with laws like GDPR, CCPA, and LGPD are managing subject rights and data discovery. As a complete data privacy platform, Osano’s got you covered with all of these practices and more. However, up until recently, Osano Data Discovery and Subject Rights Management could feel like they weren’t as connected as they should be. 

Too often, privacy tools are complex, difficult to learn, and difficult to use. Some vendors offer a wide array of services, but they’re all disconnected, which means you have to deal with multiple, completely different tools instead of just one privacy platform. It’s even worse when trying to integrate different point solutions to manage your privacy program. It’s like putting together a puzzle that’s made up of pieces from multiple different sets that were never designed to work together. You may eventually get to a complete picture, but it won’t look pretty. 

Although privacy laws and practices can be difficult to understand, they don’t need to be difficult to follow. Privacy is for everyone, and it makes the internet a better place. Everyday people should be able to practice good data privacy without having to treat it like a second full-time job. In the spirit of making things easier for you, we’ve completely reworked and redesigned our Data Discovery and Subject Rights Management products into a singular, unified experience. 

New unified Data Discovery and Subject Rights Management

Now, you can process DSARs in less time with more confidence while Osano automates key parts of the process,  such as assigning tasks to data store owners and performing user searches in your connected Data Discovery integrations. 

And we’re just getting started. The work we’ve done recently is foundational, with an eye toward the future. So, while you’ll instantly get an improved experience today with the new unified platform, we’ve got even more exciting automation planned. 

New features

We’ve reworked the entire DSAR and discovery experience to make it more seamless and streamlined,  but here are a few key features we’ve added: 

Automated data store Identification

Before, when you received a DSAR you needed to manually identify which data stores should be a part of that request before Osano could notify the data store owners. Now, Osano will automatically add data store to a DSAR based on the request type. For example, if a correction request comes in, then Osano will add all data stores that have at least one data field that has a required action for correction requests.  

Automated Assignment

Before, you needed to manually assign data store owners for each DSAR that came in. Now, Osano automatically assigns action items for users based on who is configured as the data store owner. 

Automated Processing

Before, you needed to manually run user searches needed for each DASR that came in. Now, Osano automatically runs user searches. Osano looks for any automated data stores that contain data fields with a request action that matches the DSAR request type, runs a search, and adds it to the request workflow.

Demo

In this video, you’ll see an end-to-end DSAR workflow using the new and improved Osano Data Discovery and Subject Rights Management.

Getting started 

 

Because we’ve made significant changes to the platform, we wanted to make sure everyone using Osano today could continue to do so with minimal disruption and ample time to prepare. We’ll be rolling out the new interface to different groups of people at different times. Here’s how the rollout plan will work: 

New DSAR users get access today

For new Osano accounts and existing accounts that have never used Osano’s Data Discovery and Subject Rights Management solutions, the changes are live in your account now. Simply log in, and you’ll have access to the new unified experience. 

Existing DSAR users get access on August 16, 2022 

To give you a heads-up and time to prepare, we won’t be converting existing accounts that use Data Discovery or Subject Rights Management for another few weeks. When you log in, you’ll see the same familiar interface, and everything will continue to work in the way you’ve come to expect. 

Getting ready for the new experience will require a little bit of effort on your part. To guide you through the process, we’ve put everything you need to know together into one migration guide. If you are using Data Discovery and Subject Rights Management today, you’ll want to be sure to check out the guide and plan to implement it before all accounts get cut over to the new unified experience on August 16. 

The steps you’ll need to take are simple and lightweight, but if you have any questions, concerns, or feedback, please reach out to your account manager and they can help you get your account migrated cleanly. The new experience is far superior, so we’re confident you’ll be pleased with the update. 

Given the scope of the changes, all accounts will need to migrate and the legacy versions of Data Discovery and Subject Rights Management will no longer be available after the cutover date.

What if I want the new DSAR sooner? 

Most accounts will be migrated on August 16, 2022, but we do have a few slots for earlier access. If you are an existing Data Discovery or Subject Rights Management user, and you’d like to get your account migrated sooner, reach out to your account manager to get added to the list. 

Availability

Enterprise


Osano can turn off Google Analytics in France and Austria, if you want it to

posted on June 22, 2022

plate-spinning

Google Analytics has been in the privacy news recently[1]. In April, the Austrian data protection authority ruled that Google Analytics use was in violation of the EU’s GDPR. Then last week, the CNIL (France’s data privacy regulator body) issued updated guidance that the use of Google Analytics violates GDPR because it illegally transfers data from the EU to the United States[2][3].

For marketers that rely on Google Analytics for mission-critical information, this news can be disheartening. The balance between creating tailored experiences that are ultimately more enjoyable and respecting user privacy can be precarious, like Erich Brenn spinning plates to balance them atop wavering poles. As both technology and regulations rapidly evolve, Osano seeks to be an enabler to help you respect user privacy, comply with global regulations, and get the most out of your digital assets. 

In light of the latest changes in the privacy landscape, we’re updating Osano to provide you with what we believe are the best options available. Read on to learn about our new Google Analytics toggle and some of the complex nuances behind the simple new addition to Osano Consent Management Platform (CMP).

UPDATE: Italy has also been added to the block list based on recent guidance.

Implications of the CNIL ruling

For organizations that have website visitors in France and Austria, this ruling now requires some difficult choices. On the one hand, continuing to use Google Analytics opens up liability to fines and penalties. On the other hand, there aren’t many options available beyond disabling your use of Google Analytics altogether and completely losing that data for all of your users.

gdpr-hard-choice

 

At Osano, we think both of these options are tough pills to swallow, so we’ve built a feature to help our customers navigate these compliance waters. 

Introducing the block list toggle for CMP

Osano CMP works by blocking or allowing tags (cookies, scripts, and iframes) based on their classification along with the consent choices of each web visitor. If a visitor consents to analytic tags but does not consent to marketing, then Osano will allow analytics cookies and block all marketing cookies.

With the latest guidance from CNIL, Osano has now created an override block list that will always block particular tags in particular regions. These same tags follow standard classification and consent rules in other regions. Today, the toggle only blocks Google Analytics in France and Austria. However, the CNIL ruling has implications that are broader than Google Analytics alone. Language in the ruling  talks generally about “audience measurement tools.” Other legislative bodies may also create similar restrictions in the future, so it is possible additional tools and regions could be added to the block list in the future.

How we approached this problem 

We continually take the pulse of the legislative privacy landscape and adapt to rapid changes. The Google Analytics scenario in Europe is one we’ve been monitoring from the start. When the original guidance came from Austria, our legal team looked at the situation and arrived at the general recommendation that continuing to use Google Analytics would not violate GDPR for organizations as long as they enabled Google Analytics’s IP anonymization feature. 

The latest guidance from CNIL in France goes a step further to say that it is not possible to configure the Google Analytics tool so as not to transfer personal data outside the European Union.

With this updated information, we began to look for a way to help our users comply with GDPR in France and Austria. Google Analytics doesn’t have a feature that lets you disable data transfers for a subset of users by region, so this leaves most folks in a place where their only course of action is to disable Google Analytics altogether. 

A core feature of Osano CMP is to serve different content to users based on their geolocation so they get an experience tailored to comply with the specific regulations in their region. Because this is already a built-in part of the way Osano CMP works, we were able to create the block list to selectively block Google Analytics only in France and Austria.  

Should you enable the toggle for your account?

ProTip: To qualify for Osano's "No Fines, No Penalties" pledge, you must enable the block list toggle.

Our strong recommendation is for all accounts to enable the block list. However, we understand that this may not be feasible for some customers. We wanted to be sure to describe the tradeoffs so that you can make an informed decision. 

  • Enabled: Google Analytics will be blocked for France and Austria. You will be compliant with GDPR, but you will not receive any tracking information for these regions. 
  • Disabled: Google Analytics will continue to be blocked/unblocked based on your tag categorization and how individual web visitors consent. You will not be compliant with GDPR and run the risk of being penalized. As such, you will not qualify for Osano’s “No Fines, No Penalties” pledge.

Getting started 

Log into your Osano account and navigate to the Consent Management tab to get started with the block list toggle. You’ll see the toggle as an option within each configuration. 

Starting today, all newly generated configurations will have the toggle enabled by default, and it can be manually disabled.

On your existing configurations, the toggle will be disabled. In order to take advantage of the block list (and qualify for the “No Fines, No Penalties” pledge), you’ll need to manually enable it on your existing configurations and republish your configuration for it to take effect. If you have a large number of configurations to manually update, reach out to our support team for assistance.

For more information see the user documentation, or reach out to our support team with any questions by using the in-app chat. 

Sources

Product(s) Affected

Core PlatformConsent Management

Availability

BusinessBusiness+Enterprise

Resources


New in Osano: DSAR conditional fields, 28 new integrations, and more!

posted on June 8, 2022

DSAR conditional fields

From info requests to full deletion requests, DSAR intake forms do a lot of heavy lifting. Depending on the nature of the request and local laws, you may need more or less information from the data subject before they submit the form. But creating one form with every possible field you might want to know about is a poor user experience. The additional complexity of such a form can lead to mistakes in filling them out and prolong the time needed to process the DSAR. 

Now, with conditional fields, you can create optional fields that only appear if a previous answer was selected. For example, conditional fields enable you to ask if a data subject has a power of attorney, and then provide a file upload field only if they answer, “yes.” Optional conditional fields can be configured on both dropdown and multiselect dropdown fields. Check out the docs for how to create a request submission form to learn more about setting up and configuring DSAR forms. 

CMP language updates

This month we added some language improvements to our Consent Management Platform (CMP) banners for Norwegian, Hungarian, and English. 

ISO 639 is a common international standard used for websites and browsers to denote language using a 2-letter code. Norwegian has 3 possible language codes: Norwegian (no), Norwegian Bokmål (nb), and Norwegian Nynorsk (nn). Previously Osano CMP only supported no, but now contains support for nb and nn as well!

Osano supports banners in 40+ languages. Our pledged legally compliant banner text is generated in English, and then we use a combination of AI and manual translation to generate the text for each supported language. Because privacy laws are continually changing, we continually update our banners as well. From time to time we get feedback from native speakers on ways to improve our translations. Based on recent feedback from Hungarian users, we’ve tightened up our translations for Hungarian language banners. 

Finally, some banner text has been updated for customers using IAB TCF 2.0 mode enabled when they want different options for opening the preferences drawer. Previously, the text said that customers could modify their cookie preferences, “by clicking on the cookie icon.” However, for users who want to use a link to open the drawer rather than our cookie icon, the text now reads, “by clicking on the cookie icon or link.” These changes are currently only available in English (en and en-gb language codes.) 

28 new integrations for Data Discovery 

Osano Data Discovery finds data fields in your apps and categorizes them using AI. Our growing catalog of 90+ integrations helps you:

  • Find user data for data subject rights requests
  • Run data assessments in less time
  • Prove compliance with a categorized log of apps that store personal information

This month’s new integrations:

 

And more! 

For a full list of improvements see the May 2022 release notes.

Availability

BusinessBusiness+Enterprise

1 2 3 4 5
of 6
The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.

LEARN MORE

New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MAY

New in April 2022: Admin notes, IAB TCF updates, and more!

Collaborate on DSARs with internal notes for request submissions. IAB TCF 2.0 Consent Management support has been updated per the latest IAB specifications. 11 new Data Discovery integrations and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN APRIL

New in March 2022: attachments, config sorting, and more!

Send and receive attachments in the Data Subject Rights secure messaging portal, filter and sort capabilities for your Consent Management configuration, and much more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MARCH

View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates