Product Updates

Introducing Privacy Assessments

posted on November 17, 2022

Conducting regular privacy assessments is a core privacy practice. From assessing the privacy impact of a new tool your team wants to implement to keeping records of how your organization processes data, assessments form the backbone of a well-run privacy program. Now, you can use Osano to conduct, manage, and track privacy assessments—including Data Privacy Impact Assessments (DPIAs) and Records of Processing Activities (RoPAs)—all from a central, secure location.

Are spreadsheets spreading you thin? 

For many organizations, the default tool for doing privacy assessments are Excel spreadsheets or Google Sheets. While spreadsheets offer great flexibility, the lack of guardrails can make the entire process confusing and frustrating. It’s like driving your family on vacation, but your car doesn’t have any seat belts or brakes. You may be able to reach the destination, but not without a lot of risk and stress. Finding the right questions to ask and the right people to answer them, along with making sure the assessment questions get answered correctly and in a timely manner, becomes a manual effort most folks don’t want to sign up for. 

Get there safely with Osano Assessments

With so much changing and so much to do, you may feel like your privacy program is always a bit behind. If you want to speed up your program and get there faster, while also keeping your assessments secure and compliant, Osano can help. 

Osano provides a simple, centralized set of assessment templates that can get you started quickly with high-quality assessments, designed by Osano’s privacy experts, and based on industry-standard best practices, such as guidance issued by the UK Information Commissioner's Office (ICO).

How to use Osano Assessments

DPIA and RoPA are available today, with more assessment templates coming soon. 

  1. Log in to my.osano.com 
  2. Navigate to Assessments
  3. Select the green + button to create a new assessment
  4. Provide a name and select a template (RoPA or DPIA) 
  5. Select a user to be assigned the assessment
  6. The assignee will be able to follow the step-by-step instructions
  7. See the Assessments documentation for a full set of quick start guides

Product(s) Affected

Core Platform

Availability

Enterprise


Introducing Osano Privacy Legal Templates

posted on October 24, 2022

Producing high-quality legal documents for your privacy program can be time-consuming, costly, or both. Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts. And, giving your outside counsel a completed document to review, rather than starting from scratch, can save you big on legal fees.

Problems with today’s privacy document options

Whether you are a founder or leader with in-house legal counsel, or an organizational attorney who’s responsible for the full breadth of legal challenges, not just privacy specifically, the options for generating privacy documents like cookie policies, contractual clauses, and service addendums can be less than enticing. 

Document options

Challenges

Do it yourself

Spending the time to research all of the necessary laws and guidelines and then generating something you are confident in is a daunting task. 

Pay outside counsel

You can ask your outside counsel to generate these documents from scratch, but billing legal hours is the most expensive option.

Use general legal document templates

Some websites offer an array of legal templates from power of attorney and name changes to LLC and trademark filing. These sites sometimes have some privacy document templates, but not others. And, as generalists across the entire legal landscape, you can’t be confident that their privacy templates were generated by true privacy experts who are up-to-speed on all of the rapidly changing laws and rulings. 

AI Policy Generators 

Some tools can generate legal templates for you, sometimes using AI. Policy generators often produce inferior end results when compared with fill-in-the-blank document templates. Drafting legal documents requires knowledge of your specific business. AI that tries to give you a document based on it’s corpus of knowledge is often inaccurate and doesn’t fit with the specific needs of your business. 

Why use Osano Privacy Legal Templates? 

Osano now provides a library of privacy templates, created and maintained by Osano’s global team of privacy experts. The same team is continually up-to-speed on the changing privacy landscape and using that knowledge to update Osano’s compliant cookie banners and provide you with in-app regulatory guidance, is now also providing you with legal templates. You can rest assured with a high degree of confidence that you are using document templates generated by privacy experts. 

Save the time of searching the internet for inferior options. Osano Templates are available right in the Osano app and are usable in multiple formats including PDF, Word, Google Docs, and more

Save money on legal fees by sending your completed templates to your outside counsel for legal review rather than asking them to start from scratch. (NOTE: Osano Privacy Templates are not legal advice.) 

What templates are available? 

Currently, Osano features templates for

  • California Do Not Sell/Share Statement
  • California Notice of Financial Incentive
  • CCPA/ CPRA Service Provider Addendum
  • Cookie Policy
  • Data Processing Addendum
  • EU Standard Contractual Clauses 
  • GDPR Statement
  • Privacy Policy

How to use Privacy Templates

  1. Log in to your Osano accounts on my.osano.com
  2. Select Templates from the sidebar menu
  3. Click on the template to open in a new tab. 
    1. To use as a Google doc File > Make a copy. (You will need a Google account to copy as a Google Doc.) 
    2. To download in additional formats (no Google account needed) select File > Download and choose your format.
  4. Text highlighted in green should be replaced with language specific to your organization. 
  5. Text highlighted in yellow provides tips and guidance. Follow yellow highlighted instructions and remove the text from your final document.


For full details visit the Privacy Templates documentation.

Product(s) Affected

Core Platform

Availability

BusinessBusiness+Enterprise


Introducing DSAR email intake

posted on September 1, 2022

When it comes to data subject rights, balancing convenience for your users and efficiency for yourself can be a difficult task. On the one hand, you want to respect user rights and comply with data privacy laws so you want the ability to begin a DSAR to be as easy, accessible, and frictionless as possible. On the other hand, if it’s too easy to submit a DSAR you end up with a lot of spam in your system and a lot of fake or inappropriate requests that you need to filter through, which is a big waste of your time.

Today, we are excited to introduce email intake for Osano Subject Rights Management. Now, you can provide an easy-to-use email address where your data subjects can start their requests in a simple, low-friction way, but also enjoy the checks and filters that a proper DSAR intake form provides so that you can avoid spam.

Email vs forms

The two most common ways to receive DSARs are through email or through a dedicated DSAR form. 

Email is simple and easy to use. Promoting an email address is also an easy way for vendors to start receiving DSARs who haven’t in the past. But email comes with many downsides as well. It opens the window for a high volume of irrelevant requests that you shouldn’t need to filter through. Additionally, with email, a data subject can phrase their request however they like opening the door for misinterpretation and miscommunication. There aren’t any guardrails. Did they provide all the info you need to process the request? Not always. When you are missing information it usually requires multiple back-and-forth communications to get it all sorted. 

Similarly, DSAR forms come with pros and cons. They can be designed to be more compliant by asking the right questions upfront and ensuring a data subject provides all the necessary information to process the request before it gets to an admin. Also, this mitigates spam and false requests greatly. The only downside is that users need to find the specific link to get to your DSAR intake form. And even when your form is easy to find, some users will still make legitimate requests through email that by law can’t be ignored.

Introducing Osano email intake

With Osano, you get the best of both worlds. Osano provides out-of-the-box DSAR forms that are easy to embed in your website with one line of code. You can also automatically direct requests sent by email to a hosted version of the form without any web engineering effort required on your part. This solves the problem of form discoverability by making sure all of your subject rights requests eventually go through your form to collect all information needed to satisfy the request upfront.

How Osano email intake works

Now, every DSAR form created in Osano automatically generates an email address. Simply redirect or forward DSARs you receive to this email address and the requester will get a response directing them to a hosted version of your form. It’s that simple. To get started, visit the Osano email intake documentation.

Product(s) Affected

Subject Rights Management

Availability

Enterprise

1 2 3 4 5
of 7
The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.

LEARN MORE

New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MAY

View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates