Data Store Setup


What is a Data Store?

When using Osano, a data store is a defined repository or system where personal information (PI) is stored or can be found. Data stores are incredibly important components when it comes to managing and responding to subject rights requests, as they represent the various places within your organization where personal data might reside.


 

Required User Roles

One or more of the following roles is required to manage and maintain the Data Store section within the Osano Privacy Platform. 

Admin

  • Access: Read/Write access to all capabilities. 
  • Capabilities: Full access to all features.

Subject Rights Manager

  • Access: Read/Write access to all Subject Rights capabilities. 
  • Capabilities: Access to create and manage Data Stores and the Data Subject Rights process and workflows.


 

Types of Data Stores

Automated Data Stores

Automated data stores connect the Osano Platform to over 100 third-party vendor data sources. These connections allow for automated data discovery, meaning that when a subject rights request is received and the requestor’s identity is confirmed, searches of these data sources will begin automatically. Once the search is complete, an action item is automatically assigned to a Subject Rights Assignee to validate the completeness and accuracy of the search results.


Manual Data Stores

Manual data stores are used for data sources that are not directly connected to Osano. These stores enable manual data discovery, which means that when a subject rights request is received, an action item is automatically assigned to a Subject Rights Assignee to perform a manual search for personal data in systems outside of the Osano Platform. The Assignee must then attach the results of that search to the action item once it has been completed.


How to Create an Automated Data Store (Data Stores Page)

Note: You can also create both automated and manual Data Stores from your Sources > Discovered Data flow. The steps to do so will be similar to the steps below for manual creation.


Step 1: Access the Data Stores Page

1. Navigate to the Data Stores page within the Osano platform.


2. Click the purple '+' button located at the bottom right of the page to initiate the creation of a new automated data store. Choose the 'Connect to third-party vendors to enable automated data discovery' option.


Step 2: Select the Vendor

  1. Choose the vendor you wish to connect to from the list provided.
    • This dropdown list includes over 100 third-party vendors that Osano can connect to for automated data discovery.


Note: If you’re unsure which vendor to choose, consider which data sources are most likely to contain personal data relevant to your subject rights requests.

 

Step 3: Enter Required Information

1. Enter a Data Store Name: This should be descriptive enough to identify the data source easily.

2. Assign a Data Store Owner: The person responsible for managing and validating searches in this data store.

3. Provide Vendor-Specific Information: Depending on the vendor, you may need to enter additional information, such as an API key.

Note: Connection requirements vary by vendor, so be sure to refer to the integration documentation for specific setup instructions for all Osano-supported vendors.

[Screenshot: automated data store setup, Slack example]


Step 4: Field Creation, Mapping, and Classification

Once the connection has been established, Osano will scan the connected applications for applicable PI. This scan can take up to 20 minutes to complete, depending on the complexity of the integration and the amount of data that must be scanned.

Once the connection has run, Osano will provide a list of fields discovered within the connected application and will begin attempting to classify these fields based on the category of PI.

 

[Screenshot: discovered fields list, example integration: Salesforce]

 

AI Classification: Osano’s AI will then attempt to classify the data in each field, identifying whether it contains personal data and, if so, what type.

Manual Updates and Overrides: If you need to add in any classifications or change any classification suggestions provided by Osano, you can do so on the Fields and Classifications tab by clicking the purple 'Update Selected Field' pencil icon next to each field. You can also bulk classify fields by selecting multiple fields and using the 'Edit' icon at the top right of the fields table.



 

Step 5: Set Recommended Actions for Subject Rights Requests

Choose Recommended Actions: For each classified field, determine the recommended action (e.g., deletion, correction) that should be taken when a subject rights request is received.

 

For example, if a Deletion request is received and a field is classified with a 'Delete' action, an action item will be generated for the Data Store Owner to delete that data. If a field should never be deleted, even when a Deletion request is received, that field should be marked as "Not Applicable" (e.g., financial information within 1 year of purchase).

 

Note: Unclassified fields will not generate action items, so it’s important to ensure all relevant fields are properly classified.

 

Step 6: Finalize the Data Store

Once all fields are classified and recommended actions are set, your automated data store is ready.

As subject rights requests come in, action items will be generated automatically based on the classifications and actions you’ve set up.

 


How to Create a Manual Data Store (Data Stores Page)

Note: You can also create both automated and manual Data Stores from your Sources > Discovered Data flow. The steps to do so will be similar to the steps below for manual creation.

Step 1: Access the Data Stores Page

1. Navigate to the Data Stores page within the Osano platform.

2. Click the purple '+' button located at the bottom right of the page to initiate the creation of a new data store. Choose the 'Create a Manual Data Store' option.


Step 2: Enter Basic Information

1. Enter a Data Store Name: Choose a name that clearly identifies the non-connected data source.

2. Provide a Description: Optionally, you can add a brief description to explain the purpose or scope of this data store.

3. Assign a Data Store Owner: This individual will be responsible for performing manual searches when a subject rights request is received.

 


Step 3: Manually Add and Classify Fields

Once the data store has been created, you can manually add the fields associated with this store. For more bulk management options, check out our REST API.

1. Navigate to the Fields Tab: Once your data store is created, go to the Fields tab.

2. Click the purple '+' Button: This will allow you to start adding fields manually.


3. Enter a Field Name: Each field should represent a type of personal data stored in the non-connected data source.

4. Select a Classification: Choose the type of personal data stored in that field (e.g., name, email, address).

5. Set Recommended Actions: For each classification, determine the recommended action for subject rights requests.


Important: For a manual data store to be automatically assigned to incoming requests, it must have at least one classified field. If no fields are classified, the data store won’t be applied to new requests.

 

Step 4: Finalize the Data Store

After all fields have been added and classified, your manual data store is ready.

When a subject rights request is received, action items will be created based on the fields and classifications you’ve set up.


Additional Data Store Settings

Once your data stores have been created, both manual and automated data stores can be edited to include settings such as country associations, labels, purpose of processing, and additional users/owners associated with the store itself.

Purpose of Processing 

In the context of data mapping within the Osano Privacy Platform, Purpose of Processing refers to the reason or objective behind collecting, storing, and using personal data within your data stores. It's a critical aspect of data governance, helping organizations ensure that data is being handled in compliance with legal regulations that require a clear justification for processing personal data.

When creating your Data Stores, you have the ability to tag the Purpose of Processing. This field is a free-text entry and, once an entry has been added to the bank, it can be reused in the future.


 

Data Store Owners

Data Store Owners will receive alerts when new action items are generated for a data store to which they are assigned as a user. This allows them to participate in the completion of any DSAR requests associated with this Data Store in the future.

To add additional users/owners to a data store: 

  • Navigate to the Details Tab of the Data Store: This is where you manage assignees.
  • Add new Owners: Organizations, individual users, or both can be associated with a single data store.
    • Assign Organizations as owners of this data store. When this option is used, all users who are part of the chosen Organization(s) will become owners of this Data Store.
    • Assign Users as owners of this data store. When this option is used, individual users will become owners of this Data Store.
  • Tip: Consider adding users who are responsible for the data source or who will assist in processing subject rights requests.
  • To Remove an Owner, click the 'x' next to their username in the Assignees field.


Remember, the Data Store Owner is automatically assigned to the data store by default. They will receive all action items generated for that store.


Next Steps: Forms Setup

Once your data stores are fully created and configured, you’re ready to move on to setting up Forms in Osano. This will help streamline the process of managing subject rights requests by providing a structured way for requestors to submit their information.