Product Updates

Saudi Arabia and UAE banner updates

posted on January 4, 2022

Recent legislation requires a change to how cookie consent should be managed for users in the United Arab Emirates and Saudi Arabia. To comply with these new regulations, Osano Consent Management Platform (CMP) has updated the banners that are served to users in these regions. To enable the new banners on your site be sure to republish your configuration.  

Saudi Arabia has recently adopted the Personal Data Protection Law (PDPL), which will regulate data transfers and the collection, processing and sharing of personal data of residents and citizens of Saudi Arabia. The PDPL will go into effect on March 23, 2022, although additional regulations are expected. The new law provides rights to data subjects such as the right of access, correction and deletion, as well as the right to claim damages for material and non material harms. The PDPL requires consent for the collection of personal data, imposes data minimization principles and restrictions on retention as well as sharing of personal data. The maximum penalties of a provision of the regulations or rules are up to two years in prison or up to five million rials of fines. (Fines may be doubled if repeated offenses have occurred to up to ten million rials.) The law is clear that it applies to companies outside of Saudi Arabia that collect or process the data of individuals who are citizens or residents within the Kingdom.

Similarly, on Nov.  28, 2021, the UAE also enacted a comprehensive Personal Data Protection Law (PDPL), the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection. The new law applies to the processing of personal data of residents whether or not that processing takes place within the UAE and includes a fairly strict requirement for consent prior to processing personal data. The new law also provides data subject rights such as the right of correction and the right to restrict or stop processing of personal information. In addition, requirements outline the cross-border transfer and sharing of personal data for processing purposes. The law establishes the UAE Data Office, which will be responsible for preparing policies, additional regulation and guidance. The law became effective on Jan. 2, 2022.

To help you comply with this new legislation, Osano’s default banner behavior has been updated to show different banners to users in these regions. Because UAE and Saudi Arabia’s new laws enforce similar user protections as the European Union’s GDPR, these regions will now use the same banner with the ability to accept all, reject all and customize privacy preferences.

Again, to enable the new banners on your site be sure to republish your configuration.  

Why does this matter?

Both Saudi Arabia and the UAE's new laws provide data subjects with more rights than they previously had, and the updated banners ensure you're allowing them to exercise those rights. The banners help you to:

  • Comply with both new laws.
  • Help data subjects feel empowered.

 

Product(s) Affected

Core Platform

Availability

BusinessBusiness+Enterprise


Secure Messaging Portal

posted on December 16, 2021

Data-subject access requests (DSARs) have become a core part of many privacy compliance efforts. Supporting DSARs is a requirement under the EU’s GDPR, and California’s privacy laws indicate that U.S. states are keen to follow its lead. 

DSARs allow users to request the information a company has collected about them, as well as how it’s being used, with whom it’s being shared and why. It’s essential to have a system that allows you to fulfill these requests within the timeframe any given law requires. For that, you’d use Osano’s Data Discovery to understand, holistically, what data you have on any given user and where it lives, Osano’s DSAR Management to track requests.

But sometimes, Osano customers need to talk to data subjects about those requests. For example, a company fulfilling a DSAR might need to say to the data subject: "Can you please verify your full name and date of birth? The information you sent doesn't match ours."

Typically, those conversations happen over email. That can be difficult because now you’re operating out of two different portals, your DSAR tool and your email. If a regulator ever wanted an audit, that would mean a lot of detective work to cobble together information between systems. Plus, email communications can be insecure depending on what you’re using. Sending sensitive data related to a DSAR request over email could expose you to risk of a breach and associated fines. 

The Secure Messaging Portal gives Osano customers and users one place – a secure place – to send and track messages about DSARs. Every communication is logged in the portal, so audit histories are simple to generate and view. 

Screen Shot 2021-12-14 at 1-53-01 PM-png

Why does this matter?

The ability to securely communicate with your data subjects about their DSAR means you’re more likely to stay in compliance with privacy laws granting users access to their data and more likely to comply with security regulations. Keeping all of your communications in one place ensures an organized, timely response to data subject’s inquiries. It also enables a seamless audit process should a regulator come knocking on your proverbial door. 

Osano's Secure Messaging Portal allows you to: 

  • Communicate with data subjects about their DSARs.
  • Track all communications in one place.
  • Easily audit your DSAR communications.
  • More easily comply with privacy laws and security regulations.

If you are currently on an Osano Enterprise plan, visit the DSAR documentation to learn how to set up and start using the Secure Messaging Portal. If you’re not yet on an Enterprise plan, but would like to learn how the Osano capabilities in this tier can help your business, contact sales

 

Product(s) Affected

Core Platform

Availability

Enterprise


Updates to EU banners

posted on November 8, 2021

The regulatory landscape continues to shift as countries all over the globe continue to enact privacy laws. At the same time, regulators continue to issue guidance on how to best comply with the privacy rules those laws charge them with enforcing. 

Cookies, in particular, is a legal area that’s constantly in flux. Frequently, the debate is over when websites should be allowed to deploy tracking cookies on a website and for which purposes. Most importantly, how should websites deploying cookies communicate to end-users what’s happening with their data when they visit that site? That conversation is still evolving. 

The General Data Protection Regulation and the ePrivacy Directive are the governing laws here. But as companies experiment with different methods and designs to obtain consent to deploy cookies, regulators are getting more specific on rules for what the user interface should look like — at a minimum — to avoid regulatory scrutiny. 

Osano’s Consent Manager automatically displays a compliance pop-up to each end-user based on their geo-targeted location. Recently, EU regulators’ trending guidance indicates they want it to be as easy for an end-user to click “reject all” cookies as clicking “accept all.” And the Italian Data Protection Authority (known as the Garante) issued a requirement that goes a step further. The Garante has called for the presence of an “X” button within the cookie banner to symbolize the end-users’ ability to reject all but essential cookies.  

To ensure Osano customers can meet these new guidelines, the following will be added to the default banner experience in Belgium, Czech Republic, Denmark, Finland, Germany, Greece, Ireland, Italy, Netherlands, Spain and the U.K.:

 

  • An “X” allowing end-users to reject all tracking cookies. 
  • A “Reject All” button. 
  • A “Storage Preferences” link on the cookie banner’s first layer.

Here is what the Consent Banner for these countries looked like before:

Screen Shot 2021-11-05 at 3.15.24 PM

Here's what it looks like now: 

Screen Shot 2021-11-05 at 3.10.43 PM

Why does this matter?

Adding “Reject All” and an “X” to the consent banner in these EU jurisdictions and the U.K. positions Osano customers as compliant with the most recent compliance guidance from regulators. And including a link to more granular information about cookie deployment allows the privacy-focused end user to make a more informed decision on consent. 

Important: For customers using custom CSS to override the default banner experiences, we recommend testing this update on a staging site before publishing it to your production site to ensure there is no visual impact on your banner display.

 

Product(s) Affected

Core Platform

Availability

BusinessBusiness+Enterprise

The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.

LEARN MORE

New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MAY

View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates