Working with DSAR
Working with DSAR
When working with DSAR and creating workflows, start by adding your data sources. A data source is anywhere you store customer data. Examples of data sources would be CRMs like Salesforce or Hubspot, Email Marketing tools like MailChimp or Constant Contact, internal databases, etc.
When you create new data sources, name them and add their owners. All data source owners must be users of Osano.com prior to being assigned to a data source. These data source owners will receive alerts when they are assigned an access request.
Once you have a baseline of data sources in Osano, place the DSAR form on your website.
The DSAR form asks for the following information from the data subject:
- First Name
- Last Name
- Country of Residence
- Proof of Identity (Photo identification)
- Requestor Type (Customer, Employee, Other)
- Request Type (Complaint, Correction, Deletion, Do Not Sell, Info, Opt-Out)
- Description of Request
Once the data subject submits this form, they will receive an alert in their inbox asking them to verify their email.
After the requests are submitted and the email has been verified, the Osano Org_Owner will be alerted via email and the request itself will be added to the DSAR queue in your Osano platform. These requests are filterable by type, status, date, etc.
Note: Data from pending requests is stored in Amazon's QLDB in an encrypted form. The only PII information that Osano keeps is the requester's email which is scrubbed upon request completion.
The Org_Owner will receive an alert the day that the DSAR is first requested as well as every 5 days after while the request remains unassigned. Notifications will also be made 5 days prior to an upcoming deadline (30 days after submission).
(Note: Alerts are not instantaneous. Org_Owners/Admins/Source_Owners will be notified at the end of the day about any outstanding DSARs.)
The Org_Owner or another Osano Admin can now go into the Osano platform and follow the instructions on completing the DSAR. First, the identity of the requester must be verified (the photo identification checked). Once verified, the data sources must be assigned. After the assignment, the managers of these sources will receive an email alerting them to their task (1 alert per day).
The data source owners must then complete their assigned tasks and mark them as such in the Osano platform. Again, alerts will be sent when no movement occurs for 5 days and 5 days before an upcoming deadline.
Once all data source owners have updated their statuses, an admin may "complete the request."
Upon completion, the requesting data source (end-user) will receive an email confirming that the task has been completed.