When it comes to data subject rights, balancing convenience for your users and efficiency for yourself can be a difficult task. On the one hand, you want to respect user rights and comply with data privacy laws so you want the ability to begin a DSAR to be as easy, accessible, and frictionless as possible. On the other hand, if it’s too easy to submit a DSAR you end up with a lot of spam in your system and a lot of fake or inappropriate requests that you need to filter through, which is a big waste of your time.
Today, we are excited to introduce email intake for Osano Subject Rights Management. Now, you can provide an easy-to-use email address where your data subjects can start their requests in a simple, low-friction way, but also enjoy the checks and filters that a proper DSAR intake form provides so that you can avoid spam.
Email vs forms
The two most common ways to receive DSARs are through email or through a dedicated DSAR form.
Email is simple and easy to use. Promoting an email address is also an easy way for vendors to start receiving DSARs who haven’t in the past. But email comes with many downsides as well. It opens the window for a high volume of irrelevant requests that you shouldn’t need to filter through. Additionally, with email, a data subject can phrase their request however they like opening the door for misinterpretation and miscommunication. There aren’t any guardrails. Did they provide all the info you need to process the request? Not always. When you are missing information it usually requires multiple back-and-forth communications to get it all sorted.
Similarly, DSAR forms come with pros and cons. They can be designed to be more compliant by asking the right questions upfront and ensuring a data subject provides all the necessary information to process the request before it gets to an admin. Also, this mitigates spam and false requests greatly. The only downside is that users need to find the specific link to get to your DSAR intake form. And even when your form is easy to find, some users will still make legitimate requests through email that by law can’t be ignored.
Introducing Osano email intake
With Osano, you get the best of both worlds. Osano provides out-of-the-box DSAR forms that are easy to embed in your website with one line of code. You can also automatically direct requests sent by email to a hosted version of the form without any web engineering effort required on your part. This solves the problem of form discoverability by making sure all of your subject rights requests eventually go through your form to collect all information needed to satisfy the request upfront.
How Osano email intake works
Now, every DSAR form created in Osano automatically generates an email address. Simply redirect or forward DSARs you receive to this email address and the requester will get a response directing them to a hosted version of your form. It’s that simple. To get started, visit the Osano email intake documentation.