Suggested DSAR Workflow
Step 1: Add DSAR Admins/Owners to Osano
Add your Datasource Admins and Datasource Owners to the Osano tool so that they may receive notifications about new DSAR requests and manager their portion of the workflow from within the application.
- Read/Write access to all aspects of the application.
- Datasource Admin
- Ability to validate identities, change status on requests including marking completion, and assign Datasources to DSAR requests. Read-only access to all other aspects of the application.
- Datasource Owner
- Ability to edit and complete assigned Datasource Action Items. Read-only access to all other aspects of the application.
Step 2: Add your Data Elements
Data Elements are pieces of information, usually personal information, that are frequently interacted with during data subject requests. Each can be assigned to one or more Datasources that contain these elements. Ex. First Name, Last Name, Address, Email, etc.
Step 3: Add your Datasources
A Datasource is any location in which customer data is stored. Datasources can be CRMs, backend Databases, Excel Spreadsheets, etc. When Customer Data Requests are received, they must be assigned to all relevant Datasources. Once assigned, the Datasource owners can complete the requests and communicate completion back to the subject.
Datasources should contain all of the following:
- A Name
- A Description
- One or more Datasource Owner(s) - These Owners MUST already be users of Osano
- (If Desired) One or more Data Element(s)
Step 4: Create your DSAR Form(s)
Create a DSAR form to be linked or embedded on your website. DSAR forms are comprised of custom fields and locked fields (required by Osano based upon the interpretation of DSAR guidelines as they are laid out by GDPR, CCPA, etc). Locked fields are always marked as "Required". Edit and style your form within the Osano application before linking or embedding your code on your site.
Step 5: Link or Embed your DSAR Form(s) on your Website
Once your form is designed, use the Link or Embed Code to add the form to your website. Now you are ready to start receiving DSAR requests and managing the workflow through Osano.
Step 6: Customers Submit DSAR Requests and Verify their Email
Once a customer submits a form on your site, they will receive the following screen:
Once submitted, this DSAR request will appear in your Osano portal under "Request Submissions" with the status "Pending Email Verification."
Until verified, the Osano admin can see the details of or reject requests, but cannot continue forward with the workflow.
The customer must then go to the inbox of the provided email address, find the verification email, and click on the "Verify Your Email" link. If the email is not verified, there is no way to continue with the request within Osano and the request must be rejected.
Once they have clicked "Verify Your Email", they will see the following screen and the workflow will now transfer from the customer to the Datasource Admin/Admin.
Step 7: Verify the Customer's Identity (If Applicable)
If you have removed the ID Verification step, proceed to Step 8.
Once the customer's email has been verified, the next step in the process is Identity Verification (if applicable). In some cases, the email verification process is sufficient to act as the identity verification step. Verify the Identity and click the "Mark Identity Verified" button to continue with the workflow.
Step 8: Assign Datasources to the Request
Once the Email/Identity of the customer is verified, an Osano Admin or Osano Datasource Admin must assign the appropriate Datasources to the request from the dropdown list of sources. These Datasources will depend on the request type and requestor type.
Once Datasources have been assigned, the Datasource Owners will receive an email (every 24 hours) alerting them to their task assignments within the Osano application. They must sign in to the application to see the details of their assignment.
Step 9: Datasource Owners Complete Action Items
The Datasource Action Items section contains details of each request. Here, Datasource owners can review the request details and keep others on their team updated on the status of each request. Once each Data Element (Data Record) is found and adjusted, the Datasource owner can mark the status as "Complete."
Once the status is marked as "Complete" it disappears from Datasource Action Items and cannot be accessed or modified thereafter.
Step 10: Complete the Request
Once all Datasource Owners have completed their tasks, the Datasource Admin or Admin can mark the entire Request Submission as "Complete". Once marked as complete, all details of this submission other than DSAR ID, Received Date, and Completed Date will be purged from the system.
At the same time, when the request is marked "Complete," the end-user will receive an email with a confirmation of completion and an audit of all actions taken.
Interlude: Rejecting a Request
You can reject a Request at any time by clicking the "Reject Request" button.
Once rejected, the request data will be purged and the customer will receive the following email with reasons for why the request may have been rejected.