Product Updates

Introducing DSAR email intake

posted on September 1, 2022

When it comes to data subject rights, balancing convenience for your users and efficiency for yourself can be a difficult task. On the one hand, you want to respect user rights and comply with data privacy laws so you want the ability to begin a DSAR to be as easy, accessible, and frictionless as possible. On the other hand, if it’s too easy to submit a DSAR you end up with a lot of spam in your system and a lot of fake or inappropriate requests that you need to filter through, which is a big waste of your time.

Today, we are excited to introduce email intake for Osano Subject Rights Management. Now, you can provide an easy-to-use email address where your data subjects can start their requests in a simple, low-friction way, but also enjoy the checks and filters that a proper DSAR intake form provides so that you can avoid spam.

Email vs forms

The two most common ways to receive DSARs are through email or through a dedicated DSAR form. 

Email is simple and easy to use. Promoting an email address is also an easy way for vendors to start receiving DSARs who haven’t in the past. But email comes with many downsides as well. It opens the window for a high volume of irrelevant requests that you shouldn’t need to filter through. Additionally, with email, a data subject can phrase their request however they like opening the door for misinterpretation and miscommunication. There aren’t any guardrails. Did they provide all the info you need to process the request? Not always. When you are missing information it usually requires multiple back-and-forth communications to get it all sorted. 

Similarly, DSAR forms come with pros and cons. They can be designed to be more compliant by asking the right questions upfront and ensuring a data subject provides all the necessary information to process the request before it gets to an admin. Also, this mitigates spam and false requests greatly. The only downside is that users need to find the specific link to get to your DSAR intake form. And even when your form is easy to find, some users will still make legitimate requests through email that by law can’t be ignored.

Introducing Osano email intake

With Osano, you get the best of both worlds. Osano provides out-of-the-box DSAR forms that are easy to embed in your website with one line of code. You can also automatically direct requests sent by email to a hosted version of the form without any web engineering effort required on your part. This solves the problem of form discoverability by making sure all of your subject rights requests eventually go through your form to collect all information needed to satisfy the request upfront.

How Osano email intake works

Now, every DSAR form created in Osano automatically generates an email address. Simply redirect or forward DSARs you receive to this email address and the requester will get a response directing them to a hosted version of your form. It’s that simple. To get started, visit the Osano email intake documentation.

Product(s) Affected

Subject Rights Management



Introducing unified Data Discovery and Subject Rights

posted on July 20, 2022

There are many facets to running a compliant data privacy program, from understanding the ever-changing privacy regulatory landscape to managing user consent. Two key components of complying with laws like GDPR, CCPA, and LGPD are managing subject rights and data discovery. As a complete data privacy platform, Osano’s got you covered with all of these practices and more. However, up until recently, Osano Data Discovery and Subject Rights Management could feel like they weren’t as connected as they should be. 

Too often, privacy tools are complex, difficult to learn, and difficult to use. Some vendors offer a wide array of services, but they’re all disconnected, which means you have to deal with multiple, completely different tools instead of just one privacy platform. It’s even worse when trying to integrate different point solutions to manage your privacy program. It’s like putting together a puzzle that’s made up of pieces from multiple different sets that were never designed to work together. You may eventually get to a complete picture, but it won’t look pretty. 

Although privacy laws and practices can be difficult to understand, they don’t need to be difficult to follow. Privacy is for everyone, and it makes the internet a better place. Everyday people should be able to practice good data privacy without having to treat it like a second full-time job. In the spirit of making things easier for you, we’ve completely reworked and redesigned our Data Discovery and Subject Rights Management products into a singular, unified experience. 

New unified Data Discovery and Subject Rights Management

Now, you can process DSARs in less time with more confidence while Osano automates key parts of the process,  such as assigning tasks to data store owners and performing user searches in your connected Data Discovery integrations. 

And we’re just getting started. The work we’ve done recently is foundational, with an eye toward the future. So, while you’ll instantly get an improved experience today with the new unified platform, we’ve got even more exciting automation planned. 

New features

We’ve reworked the entire DSAR and discovery experience to make it more seamless and streamlined,  but here are a few key features we’ve added: 

Automated data store Identification

Before, when you received a DSAR you needed to manually identify which data stores should be a part of that request before Osano could notify the data store owners. Now, Osano will automatically add data store to a DSAR based on the request type. For example, if a correction request comes in, then Osano will add all data stores that have at least one data field that has a required action for correction requests.  

Automated Assignment

Before, you needed to manually assign data store owners for each DSAR that came in. Now, Osano automatically assigns action items for users based on who is configured as the data store owner. 

Automated Processing

Before, you needed to manually run user searches needed for each DASR that came in. Now, Osano automatically runs user searches. Osano looks for any automated data stores that contain data fields with a request action that matches the DSAR request type, runs a search, and adds it to the request workflow.


In this video, you’ll see an end-to-end DSAR workflow using the new and improved Osano Data Discovery and Subject Rights Management.

Getting started 

Because we’ve made significant changes to the platform, we wanted to make sure everyone using Osano today could continue to do so with minimal disruption and ample time to prepare. We’ll be rolling out the new interface to different groups of people at different times. Here’s how the rollout plan will work: 

New DSAR users get access today

For new Osano accounts and existing accounts that have never used Osano’s Data Discovery and Subject Rights Management solutions, the changes are live in your account now. Simply log in, and you’ll have access to the new unified experience. 

Existing DSAR users get access on August 16, 2022 

To give you a heads-up and time to prepare, we won’t be converting existing accounts that use Data Discovery or Subject Rights Management for another few weeks. When you log in, you’ll see the same familiar interface, and everything will continue to work in the way you’ve come to expect. 

Getting ready for the new experience will require a little bit of effort on your part. To guide you through the process, we’ve put everything you need to know together into one migration guide. If you are using Data Discovery and Subject Rights Management today, you’ll want to be sure to check out the guide and plan to implement it before all accounts get cut over to the new unified experience on August 16. 

The steps you’ll need to take are simple and lightweight, but if you have any questions, concerns, or feedback, please reach out to your account manager and they can help you get your account migrated cleanly. The new experience is far superior, so we’re confident you’ll be pleased with the update. 

Given the scope of the changes, all accounts will need to migrate and the legacy versions of Data Discovery and Subject Rights Management will no longer be available after the cutover date.

What if I want the new DSAR sooner? 

Most accounts will be migrated on August 16, 2022, but we do have a few slots for earlier access. If you are an existing Data Discovery or Subject Rights Management user, and you’d like to get your account migrated sooner, reach out to your account manager to get added to the list. 



Osano can turn off Google Analytics in France and Austria, if you want it to

posted on June 22, 2022


Google Analytics has been in the privacy news recently[1]. In April, the Austrian data protection authority ruled that Google Analytics use was in violation of the EU’s GDPR. Then last week, the CNIL (France’s data privacy regulator body) issued updated guidance that the use of Google Analytics violates GDPR because it illegally transfers data from the EU to the United States[2][3].

For marketers that rely on Google Analytics for mission-critical information, this news can be disheartening. The balance between creating tailored experiences that are ultimately more enjoyable and respecting user privacy can be precarious, like Erich Brenn spinning plates to balance them atop wavering poles. As both technology and regulations rapidly evolve, Osano seeks to be an enabler to help you respect user privacy, comply with global regulations, and get the most out of your digital assets. 

In light of the latest changes in the privacy landscape, we’re updating Osano to provide you with what we believe are the best options available. Read on to learn about our new Google Analytics toggle and some of the complex nuances behind the simple new addition to Osano Consent Management Platform (CMP).

UPDATE: Italy has also been added to the block list based on recent guidance.

Implications of the CNIL ruling

For organizations that have website visitors in France and Austria, this ruling now requires some difficult choices. On the one hand, continuing to use Google Analytics opens up liability to fines and penalties. On the other hand, there aren’t many options available beyond disabling your use of Google Analytics altogether and completely losing that data for all of your users.



At Osano, we think both of these options are tough pills to swallow, so we’ve built a feature to help our customers navigate these compliance waters. 

Introducing the block list toggle for CMP

Osano CMP works by blocking or allowing tags (cookies, scripts, and iframes) based on their classification along with the consent choices of each web visitor. If a visitor consents to analytic tags but does not consent to marketing, then Osano will allow analytics cookies and block all marketing cookies.

With the latest guidance from CNIL, Osano has now created an override block list that will always block particular tags in particular regions. These same tags follow standard classification and consent rules in other regions. Today, the toggle only blocks Google Analytics in France and Austria. However, the CNIL ruling has implications that are broader than Google Analytics alone. Language in the ruling  talks generally about “audience measurement tools.” Other legislative bodies may also create similar restrictions in the future, so it is possible additional tools and regions could be added to the block list in the future.

How we approached this problem 

We continually take the pulse of the legislative privacy landscape and adapt to rapid changes. The Google Analytics scenario in Europe is one we’ve been monitoring from the start. When the original guidance came from Austria, our legal team looked at the situation and arrived at the general recommendation that continuing to use Google Analytics would not violate GDPR for organizations as long as they enabled Google Analytics’s IP anonymization feature. 

The latest guidance from CNIL in France goes a step further to say that it is not possible to configure the Google Analytics tool so as not to transfer personal data outside the European Union.

With this updated information, we began to look for a way to help our users comply with GDPR in France and Austria. Google Analytics doesn’t have a feature that lets you disable data transfers for a subset of users by region, so this leaves most folks in a place where their only course of action is to disable Google Analytics altogether. 

A core feature of Osano CMP is to serve different content to users based on their geolocation so they get an experience tailored to comply with the specific regulations in their region. Because this is already a built-in part of the way Osano CMP works, we were able to create the block list to selectively block Google Analytics only in France and Austria.  

Should you enable the toggle for your account?

ProTip: To qualify for Osano's "No Fines, No Penalties" pledge, you must enable the block list toggle.

Our strong recommendation is for all accounts to enable the block list. However, we understand that this may not be feasible for some customers. We wanted to be sure to describe the tradeoffs so that you can make an informed decision. 

  • Enabled: Google Analytics will be blocked for France and Austria. You will be compliant with GDPR, but you will not receive any tracking information for these regions. 
  • Disabled: Google Analytics will continue to be blocked/unblocked based on your tag categorization and how individual web visitors consent. You will not be compliant with GDPR and run the risk of being penalized. As such, you will not qualify for Osano’s “No Fines, No Penalties” pledge.

Getting started 

Log into your Osano account and navigate to the Consent Management tab to get started with the block list toggle. You’ll see the toggle as an option within each configuration. 

Starting today, all newly generated configurations will have the toggle enabled by default, and it can be manually disabled.

On your existing configurations, the toggle will be disabled. In order to take advantage of the block list (and qualify for the “No Fines, No Penalties” pledge), you’ll need to manually enable it on your existing configurations and republish your configuration for it to take effect. If you have a large number of configurations to manually update, reach out to our support team for assistance.

For more information see the user documentation, or reach out to our support team with any questions by using the in-app chat. 


Product(s) Affected

Core PlatformConsent Management




1 2 3 4 5
of 7
The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.


New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.


New in April 2022: Admin notes, IAB TCF updates, and more!

Collaborate on DSARs with internal notes for request submissions. IAB TCF 2.0 Consent Management support has been updated per the latest IAB specifications. 11 new Data Discovery integrations and more! Check out our latest product announcement blog for demos, links, and more information.


View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates