Data-subject access requests (DSARs) have become a core part of many privacy compliance efforts. Supporting DSARs is a requirement under the EU’s GDPR, and California’s privacy laws indicate that U.S. states are keen to follow its lead.
DSARs allow users to request the information a company has collected about them, as well as how it’s being used, with whom it’s being shared and why. It’s essential to have a system that allows you to fulfill these requests within the timeframe any given law requires. For that, you’d use Osano’s Data Discovery to understand, holistically, what data you have on any given user and where it lives, Osano’s DSAR Management to track requests.
But sometimes, Osano customers need to talk to data subjects about those requests. For example, a company fulfilling a DSAR might need to say to the data subject: "Can you please verify your full name and date of birth? The information you sent doesn't match ours."
Typically, those conversations happen over email. That can be difficult because now you’re operating out of two different portals, your DSAR tool and your email. If a regulator ever wanted an audit, that would mean a lot of detective work to cobble together information between systems. Plus, email communications can be insecure depending on what you’re using. Sending sensitive data related to a DSAR request over email could expose you to risk of a breach and associated fines.
The Secure Messaging Portal gives Osano customers and users one place – a secure place – to send and track messages about DSARs. Every communication is logged in the portal, so audit histories are simple to generate and view.