1. Documentation
  2. Account Management

Data Subject Requests and Organizations

Data Subject Requests and Organizations

Only three user roles have access to DSAR Forms, Submissions, and Workflows. To access any DSAR features, users must have one of the following roles: 

Admin 

  • Full read/write access to all features and functionalities within the Osano platform.

Data Request Manager 

    • Read/write access to "Management" -> "Data Subject Requests" and most nested features. Ability to validate identities and change status on requests. This includes marking task completion and assigning data sources to DSAR requests.
Note: Data Request Managers will require the Datasource Owner role to see and edit data elements.

Datasource Owner

  • Read/write access to “Management” -> “Data Subject Requests” -> “Datasource Action Items”, “Data Elements”, and “Datasources.

To see a detailed breakdown of user roles view the linked USER ROLE MATRIX  or the related article Osano User Roles. 

Assigning DSAR Forms and Workflows to Organizations

When creating DSAR Forms, Admins and Data Request Managers will have the ability to add Organizations. When an organization is added, ONLY users with the appropriate roles who are a part of the same organization(s) can access that DSAR Form as well as the associated and workflows. Note that Organizations are only assigned to users and DSAR forms. All requests that are submitted via a certain form will belong to those Organizations. Data Elements and Data Sources are not restricted by Organization. 

Note: If a DSAR Form belongs to multiple organizations, members of all assigned organizations can access that Form and all associated submissions and workflows. Suppose the DSAR Form does not belong to an organization. In that case, the form and all associated submissions and workflows are accessible by ALL users with the appropriate roles. 

Example:

An administrator creates a form labeled "Europe (EU) GDPR Form" and adds the organization "EU" to that form.  In this case, ONLY Data Request Managers and Datasource Owners who belong to the Organization "EU" can access that Form and any requests submitted through said Form. 

Note: If you are a Datasource Owner and you are assigned to a Request that belongs to an organization that you are not a part of, you will STILL GET ALERTED and can manage your part of the process (The Datasource Action Item). 

Adding Organizations at the Time of Creation:

  • Navigate to the DSAR Dropdown
  • Select DSAR Forms. 
  • Click the (+) button to add a new DSAR Form.
  • Add the Form Name and Details.
  • Add the desired Organization(s) using the Organizations dropdown.
  • Click "Save."
  • The DSAR form is created with the Organization(s) attached. This DSAR Form and all associated submissions and workflows are only accessible to users with the appropriate roles that belong to the same Organization(s). 

Note: If a DSAR Form belongs to multiple organizations, members of all designated organizations will have access to that Form and all associated submissions and workflows. If the DSAR form has NO organization, ALL users with the appropriate roles can access that form and its associated workflows.


Adding Organizations after Creation:

  • Navigate to the DSAR Dropdown.
  • Select DSAR Forms. 
  • Click on the desired DSAR Form.
  • In "Details," add/edit the chosen Organization(s) using the Organizations dropdown.
  • Click "Save."
  • The DSAR Form is modified with the Organization(s) attached. This DSAR Form and all associated submissions and workflows are only accessible to users with the appropriate roles that belong to the same Organization(s). 

Note: If a DSAR Form belongs to multiple organizations, members of all designated organizations will have access to that Form and all associated submissions and workflows. If the DSAR form has NO organization, ALL users with the appropriate roles can access that form and its associated workflows.