How Osano Can Help You Mature Your Privacy Program

Building, running, and managing an efficient data privacy program can feel overwhelming. If you prioritize maturing one element of your program, other elements may suffer; if you strive to meet a basic standard with all elements of a data privacy program, you may never have the time or resources to increase your program’s maturity level as a whole.

The trick lies in automating and streamlining the right tasks.

Broadly, the elements of a data privacy program can be divided into two groups. The first group requires human expertise—yours. Many of the elements of a mature, well-rounded privacy program can only be nurtured by a privacy professional. The second group may require less expertise to mature, less of a human touch, or more expertise that doesn’t relate to a privacy professional’s core skillset. To gain the time and resources to focus your attention on the first group, you need to automate and streamline the elements contained within the second.

With a data privacy platform like Osano, you can automate and streamline the activities associated with a number of elements in a mature data privacy program, including:

Consent Management

Taking a fully homegrown approach to consent management is asking for trouble. Consider the workload involved:

• Reviewing the tens of thousands of words of legalese in the text of every data privacy regulation covering the various jurisdictions where your customers and website visitors live.
• Translating those into various compliant banners that fire whenever a visitor from a certain jurisdiction accesses your website.
• Configuring the various data trackers on your website to fire or not fire depending on the individual’s consent preferences.
• Maintaining this system every time the law or your website changes. 

This approach, however, is a clearly inefficient use of your time as a privacy professional and the time of your colleagues in development, IT, legal, and operations.

Osano Cookie Consent manages this process for you. Unlike other consent management platforms (CMPs), Osano is fast and simple to implement—you can get started by just adding one line to your website and start managing consent within hours or days, not weeks or months. Then, Osano automatically scans your website or websites and auto-discovers your tags like cookies, scripts, and iframes that collect visitor data. Osano automatically categorizes these tags based on best practices, ensuring they fire or are blocked based on consent preferences.

Osano provides out-of-the-box banner templates that comply with the regulations of over 50 countries and disclose legally required information in your visitors’ preferred language. And if you use Osano Cookie Consent but still receive a fine from an authority related to the use of Osano, we pay the first $250,000 with our “No Fines. No Penalties.” pledge.

Subject Rights Request Management

Osano provides a comprehensive solution for capturing and processing subject rights requests, including:

• Auto-generated request forms and/or email addresses for accepting subject rights requests. You can then communicate with data subjects via a secure messaging portal in the Osano platform.
• Automated request task assignment so that different stakeholders who own the various stores of personal information across your organization have a clear understanding of the tasks they must complete. You’ll be able to review which tasks have been completed, which are ongoing, and which are at risk right within the app.
• Automated third-party vendor notification, which ensures that data subjects can make requests in regard to their personal information that has been transferred outside of your organization to your vendors.
• Automated data summary and deletion, which saves you from having to track down each and every item of data associated with a data subject across the various data stores in your organization. Osano identifies a data subject’s personal information and, pending your verification, deletes or summarizes the data depending on the request type.
• Automated data packaging, which provides data subjects their personal information in a portable format as required by law.

Using Osano to manage subject rights requests centralizes the DSAR workflow, reducing your reliance on multiple tools and data stores to fulfill requests. Moreover, Osano provides a transparent experience for your data subjects; you can communicate with requesters in a secure messaging portal in real time and automatically send emails (from templates that come pre-built within the platform) to keep requesters informed at each step of the process.

Data Mapping

Whether it’s filling out a RoPA or data inventory, quickly responding to DSARs, or identifying data privacy risk across your organization, the first step is to understand where your organization stores personal data. If you don’t know where personal data is being collected, where it lives, where it flows, and what’s happening to it along the way, you’ll have little insight into your organization’s overall compliance posture.

Osano Data Mapping integrates with your Single-Sign On (SSO) provider to discover systems that contain PI. With our library of pre-built integrations, you can easily connect to common systems to automatically classify PI. For niche or proprietary systems, our RESTful APIs and semi-automated workflows make integration and data classification fast, accurate, and easy. As a result, you’ll gain a visual, navigable data map that you can use to quickly identify your organization’s data landscape at a glance.

Still, some organizations have hundreds or thousands of systems that potentially handle personal data—that’s why Osano Data Mapping makes it easy to identify high and low-priority data stores. Osano scores discovered systems’ privacy risk based on the data fields they contain, the vendors they export data to, the identities they handle, and other factors, enabling you to quickly determine which data stores create the greatest risk and which require the greatest effort. Similarly, you’ll be able to flag irrelevant or deprecated data stores, cutting down on the amount of review you need to conduct on your data map. You can always return to review flagged data stores just in case you change your mind.

Managing manual spreadsheets and tables to serve as your data map can be a full-time job; even if your organization has data analytics specialists and systems, data privacy compliance needs often are the lowest priority for those in-demand resources. Osano Data Mapping gives privacy professionals a dedicated tool to quickly establish a data map to serve as the foundation for downstream compliance activities.

Vendor Risk Management

Vendor risk is especially challenging to manage—after all, you don’t have as much insight into your vendors’ operations as you do your own. The research and assessment process can be arduous, especially if you find a vendor you like, only to discover their privacy practices are not up to your standards. Your colleagues in development, sales, marketing, and other departments can easily become frustrated if they feel they’re being blocked from working with the partners they need to work with to be effective.

Osano enables you to rapidly identify trustworthy partners through our database of over 11,000 vendors, each scored with our Vendor Score. Using a combination of expert review, machine learning, and a proprietary 163-item ontology, Osano generates a Vendor Score that allows you to evaluate vendor privacy practices at a glance. What’s more, Osano’s other capabilities can help you automatically identify vendors and add them to your organization’s vendor privacy list.

• When Osano manages cookie consent on your website, it automatically scans and discovers any cookies or scripts associated with vendors and automatically adds those vendors to your vendor inventory.
• Data stores tracked by Osano for subject rights management are analyzed for vendor associations; if a data store belongs to a vendor, that vendor is automatically added to your inventory.
• And of course, you can manually add vendors to your inventory as well.

When vendors are subject to lawsuits over privacy violations or change their privacy policies, Osano automatically alerts you, ensuring you can quickly keep up with new sources of risk in your vendor ecosystem. We also provide templated vendor assessments so you can launch your own investigations into vendor privacy for regular or as-needed assessments.

Privacy Risk Assessments

Manually performing privacy risk assessments can be highly time-consuming, requiring you to:

• Search for the right assessment to fit your unique circumstances.
• Modify those assessments.
• Track which have been completed, which are at risk, and which are overdue.
• Follow up with stakeholders who have yet to complete a necessary assignment.
• Manage and store completed assessments.

Instead, using Osano to manage the assessment workflow makes this process significantly faster and less arduous. We provide a library of standards-based templates for assessment types like vendor risk assessments, data privacy impact assessments, RoPAs, and more. In Osano, you can quickly view which assessments are in progress, which have been completed, and which are at risk. When deadlines approach, Osano notifies assignees of outstanding assessments they need to complete.

Save Time for the Work Only You Can Complete

With Osano automating the tasks described above and more, you’ll have the bandwidth to turn your attention to the critical privacy activities that can take your privacy program to the next level, including privacy-by-design processes, training and awareness, your privacy culture, governance and accountability, and similar elements. Schedule a demo of Osano today to find out how you can increase the maturity of your data privacy program.