Zoho CRM is on its way to GDPR Compliance
Hello folks,
GDPR has been the talk of the hour and we would like to ensure that this GDPR fever does not come in the way of your business and selling. There are several GDPR centric enhancements in Zoho CRM that will be released in a phased manner to all our users in the following weeks.
Designed to help you meet the privacy standards set by the European Union, these enhancements will provide a streamlined mechanism for you to collect, process and store your customer data in conformation with the GDPR.
So what is GDPR and how will it affect your business?
GDPR or General Data Protection Regulation is a landmark policy aimed at empowering citizens of the European Union regarding their personal data. With increasingly complex flow of information across the world, GDPR aims to give EU citizens more direct control on how their personal information is being processed in addition to improved data privacy.
GDPR not only applies to companies in the EU region but to any organization that collects or processes the data of EU citizens. If you are one of those organizations who collect or process data of EU citizens, the following enhancements in Zoho CRM are for you.
GDPR centric enhancements in Zoho CRM:
We have split GDPR requirements into Data collection, Data processing and Data Subject Rights. In the sections below, we state the GDPR requirements along with the respective enhancements in Zoho CRM that meet them.
Note: The Organization collecting customer data is referred to as "Data Controller"/"Controller", your customers are referred to as "Data Subjects" and Zoho CRM will be the "Data Processor".
1. Data Collection
GDPR demands that personal information collected from Data Subjects should be limited to what the Data Controller needs in order to deliver its services, and a legitimate need in case of requesting additional information must be demonstrated. It is also mandatory that you state the purpose and get clear consent when collecting personal information.
Consent must be explicit, where Data Subjects take an affirmative action (clicking on the checkbox, so no pre-ticked check boxes). Controllers are also expected to be transparent about the duration for which the data will be processed.
Consent Form: Consent is one of the cornerstones of GDPR, as the execution of any processing activity now depends on the consent provided by the Data Subject. So in-order to demonstrate compliance, it is mandatory that a Data Controller identifies Data Subjects who require consent and those who do not require it under criteria such as Legitimate interest, Vital interest, Public interest, Contract, Freely given consent and other basis. After identifying this, the Data Controller should get consent from Data Subjects who require consent and be able to provide proof of consent if needed.
The fully customizable consent form in Zoho CRM allows Controllers to get explicit consent in regards to:
- The purpose of data collection.
- Preferred communication channel.
- Duration for which the data can be processed or consent duration.
- Sharing information with connected services.
Consent from Data Subjects, in written declaration or orally obtained consent (through email or telephone) can be attached to the form using the Attachment option.
Once the Data Subject has submitted their consent, it's stored under the Data Subject's record details page for the purpose of official record and for the Controller to know their actionable items from the data provided. For example, if a Data Subject has explicitly stated that their preferred channel of communication is email, then they are not to be contacted through any other means.
Double Opt-in Mechanism: This is one more compliance feature which you can use when setting up webforms. Anytime a Data Subject submits their information through a webform, a double Opt-in email is sent to them to confirm their registration/sign-up.
Double Opt-in Mechanism: This is one more compliance feature which you can use when setting up webforms. Anytime a Data Subject submits their information through a webform, a double Opt-in email is sent to them to confirm their registration/sign-up.
Data source tracking: Data Subjects' information can be pushed into Zoho CRM from multiple sources which include direct sources like web-forms, and indirect sources such as imports, manual entries, APIs, and third-party integrations.
The source and additional details if any (like the URL, IP address and geo-location) will be documented in the record details page. The screenshot below shows a new section called Data Privacy, under which Data source and the respective consent details are populated.
2. Data Processing
Information provided by a Data Subject can only be processed in a lawful basis. There is significant emphasis on the fact that all processing activities must be carried out securely to ensure that personal information is not exposed.
Marking Personal fields - fields containing PII (Personally Identifiable Information): Data Controllers can mark fields containing personal information as Personal fields and set a sensitivity level (High and Low). Based on the privacy preference, the Controller can choose to restrict these fields from certain processing activities such as exports, APIs and connected services.
There are two cases when data is being processed via connected services:
There are two cases when data is being processed via connected services:
Case 1 - Data Subject has not consented to their data being shared with any connected services. In such a case no information of theirs will be shared with any of the integrated services of Zoho CRM.
Case 2 - Data Subject has consented to their data being shared with connected services but there is an organizational restriction in sharing PIIs. In such a case the fields with PIIs will be not be processed in APIs and connected services.
With regards to Zoho connected services (Zoho products like Books, Desk, Campaigns, etc.) consent provided in one product will apply across all integrated Zoho products.
Encryption At Rest (EAR): Enterprise users have the option of Encryption At Rest for Personal fields.
Audit log and timeline for customer records: The Data Controller can monitor the processing activities done on a Data Subject's personal information.
Consent Management: The consent management system helps the Controller to keep track on the consent status of their Data Subjects. The system helps users identify Data Subjects who are yet to provide consent and immediately allows for sending an email with the consent form link. Consent can be obtained through webforms, consent form, portals and offline consent (Email or phone call).
The screenshot below is a consent dashboard showing the various consent statuses. Clicking on them will get you a list of all Data Subjects with their particular consent status.
3. Data Subject Rights
GDPR comes with a slew of rights which EU Data Subjects can exercise at any time which must be addressed in a month's time. The data request management in Zoho CRM lets the Controller keep track of all data requests to address them in a timely manner. The data requests raised is also maintained under each Data Subject's record details page so that the Controller is informed on any pending requests.
The Data Subject can exercise their rights through the consent form, portal, or offline through email and phone calls.
Zoho CRM helps Controllers address these data requests through the following options:
Access (Right to View): Using Zoho CRM's email feature, a template consisting of all customer information fields can be quickly created, which can then be sent to your customer upon request.
Rectify (Right to Rectify): Customer specific information can be exported and sent to the customer for rectification and the same can be updated.
Export (Right to Portability): Customer specific information can be exported, attached to an email and sent to a customer in a machine readable format, all without being downloaded on to your device.
Stop Process (Right to Stop Processing): Once a customer exercises this right, the corresponding record will be locked preventing further processing.
Erase (Right to be forgotten): Once exercised, the customer's record will be locked for the duration of the retention period defined in the Data controller's terms of service, after which the controller has the option to delete the customer information. Once deleted, the record will be moved to a blocklist and the re-entry of the same data will be prevented.
All of these enhancements will be made available for you in Zoho CRM in a phased manner. So watch this space for more updates!
Access your files securely from anywhere
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Aishwarya EK
Bueller Bueller
Thomas iwant2help
Bala Ganesh
Sunderjan Siddharth
Sticky Posts
Accessibility in Zoho CRM: Not just a feature—a way to empower
For instructions on setting up these controls, please check this help document: Configuring accessibility controls. Hello everyone, Today (December 3, 2024), on the International Day of Persons with Disabilities, we begin our journey towards a CRM thatAct on your customers' voices in Zoho CRM
Dear Customers, We hope you're well! We are super excited to present a pivotal addition to VoC in Zoho CRM—the ability to act! Customer feedback is directly proportional to customer experience, and in this customer-driven market, that feedback has a powerfulFocus Group Webinar - Streamline Record Creation with Wizards
Hi there, With all the time your users spend on record creation, do you feel like they have the most seamless experience while doing it? For different types of records or those with a LOT of fields, do your users spend time navigating to enter data repeatedly?Notes and Attachments visibility can now be restricted based on profiles
Dear All, We hope you're well! We are here with a quick update about Notes and Attachments profile permissions. In the past, a record's Notes and Attachments were visible by default to all users with record access. However, as notes and attachments canIdentify and prioritize profitable deals: Zoho CRM Forecasts help users focus on revenue-driving opportunities
Post moderated on: 7th November: Release update: This feature is now available for users in all DCs. Dear Customers, We hope you're well! At any given time, a sales rep handles multiple deals, each progressing at its own pace. But not all deals will succeed—some
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho DataPrep Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Zoho Please change your ways
I started using Your new Zoho bookings in earnest 3 days ago. What a mistake. Once again, everything is backwards and upside down. I had to spend 5 hours testing how the thing works in order for me to understand how to acutally use it. When i started using google calendar years ago. it took seconds to figure out how it works. Why is that. bc they put everything in places where it makes sense. Today, I needed to add an appointment as well as a time off. Stupid me i added the time off first,Make a ticket visible in the Community
Hi there, It is possible to have a conversation with a customer via a ticket and eventually the proposed solution isn't possible yet. Therefore you want to add it as an idea in the Community, available and open to everyone that is in the community, soWhen converting a lead to an account, the custom mandatory fields in the account are not treated by zoho as mandatory
In my Account module I have a number of custom fields that I have set as mandatory. When I enter a new customer as a new account they work, I can't save the record without populating them. However when I convert a lead, my CRM users are able to save theHow to Enforce Mandatory Fields (Category/Sub-category) Before Closing a Ticket?
Hi, I'm currently using Zoho Desk and encountering an issue where agents are able to close tickets without filling out mandatory fields, specifically Category and Sub-category. I’ve already set them both as a mandatory field, but it can still be bypassedZoho email folders gone
Hi, All my email folders are gone, i cant found any email, except sent. Also before folder rulesas was changed and i didnt fixed them, could you please check it?Pause/Resume Subscrtiption API
I don't see the option to Pause/Resume a subscription using the API, is it in the pipeline?Update Department on Ticket (with applied Blueprint)
Hello, Is it possible to update the Department of a ticket which is dictated by a blueprint, e.g. I would like to change departments at different states in the Blueprint. I do not see this is an option in workflow rules or blueprint transition actions,ERROR_CODE :554, ERROR_CODE :rejected due to spam
Please verify bounce message: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. xxx@thalesesec.com Error, ERROR_CODE :554, ERROR_CODECan't verify domain with AWS Route53
I have a domain successfully transferred to AWS Route53 from NameCheap. When I try to CNAME or TXT Records as suggested, they are added in AWS console however zohomail does not verify them. For the TXT record zohomail says the value is wrong, whereasSent emails not going and showing "Processing"
Hello Team, Could you please assist with sent emails showing "processing" and not actually going through? Many thanks and regards, CycologyLinkedIn verification link and otp not receiving
For the last 2 to 3 weeks I'm trying to verify my LinkedIn account to access my company's LinkedIn page, Linkedin is sending verification links and codes to this email address but I have not received any codes or links. Please help me here. Looking forwardAdmin Control for Default Email Templates in Zoho Desk
Hi Zoho Desk Team, We would like to request a feature enhancement related to default email templates. Currently, agents can select and set their own default email templates when replying to tickets. However, we believe this setting should be managed centrallyUnlocking New Horizons: A Year in Review
As we bid farewell to 2024, let's celebrate and revisit the key highlights of the year. From adding a new edition to cross-platform enhancements, here’s a roundup of all the feature updates designed to simplify accounting, optimize financial management,Zoho desk desktop application
does zoho desk has a destop applicaion?send file to ftp or another external service
i'v created a zoho creator application for take a picture and rename it by phone. Now i need to send Each renamed pictures to my ftp or to specific folder on google drive...then, delete it from creator. (every picture recived it will processed by another program and stored on my Erp) HOW CAN I DO ??Error 403: Forbidden When Updating Email Signature via API
Hi Zoho Desk team, First, congratulations again on the excellent Zoho API. But, I’m encountering an issue while attempting to update an email signature via the API. Whenever I make a request to update the signature, the response returns an HTTP 403 ForbiddenHas anyone built a ticket export that allows Help Center users to export the tickets shown in the My Area list they are looking at?
Hi, We are moving to Zoho Desk soon. Our current support system displays an option in our help center allowing customers to export their Open, Closed, or all tickets based on which list they are looking at. We need to offer the same in Zoho Desk helpMass pdfs into OCR field
I am working on a Creator app that my org will use internally. Is there any way to mass upload pfs through a form with an OCR file upload field? Is Creator capable of this, or would I need to use Catalyst?How to upload a file to form file upload field from deluge script.
Hi guys, I need to store API response into Form File upload field . I'm not getting any errors but PDF file is not assigned to file upload field. You can check possibilities using below details: Method: POST URL: https://v2.convertapi.com/convert/web/to/pdf?Secret=<<SecretKey>>&Token=<<APIKey>>&Url=https://www.google.com You need to generate secretKey and APIKey by Login to https://www.convertapi.com/a/su Response: { "ConversionCost": 4, "Files": { "FileName": "www_google_com.pdf", "FileSize": 68342,Export view via deluge.
Hi, Is it possible to export a view (as a spreadsheet) via deluge? I would like to be able to export a view as a spreadsheet when a user clicks a button. ThanksSubform Time field showing as null in script.
Good Afternoon everyone. I am trying to take the information from my subform and populate it into a multiline field in the CRM. The code below works with no errors. The problem is, it shows that the Open and Close (Time fields) are null. But they areZoho Payroll's Year in Review 2024
As we roll into 2025, we'd like to pay tribute to all the milestones we hit in 2024! From releasing out new features that streamlined your workflows to updates that made payroll management smoother, we’ve had a prolific year—all while keeping you, ourIs there a way to sort report on record template by a specific field like date field
Hi, Is it possible to sort the report on the record template by the date field and not the default Added Time. Please check the example bellow: The records are sorting by the added time I wand to change that by the date field,Shared subfolders
Am I right in thinking that there is no Zoho email application that allows me to create a shared inbox and then add additional folders/subfolders under that inbox? If so, this is really quite incredible and probably a deal breaker for us to start usingUpdate Multi select field values to another form table as individual record
Hi, I am new to coding and do basics within deluge. I need help with the deluge script to meet the following requirement. Form Student Attendance The fields are : Attendance Date Course (Lookup to Course Form) Class (Lookup to Class Form) Students (MultiShared Mailbox - Mark as read for all users
Hi all, Maybe someone can help me out. At the moment we have a shared mailbox without streams. When a users reads an mail or marks it as read other users will not see this. How can we resolve this? We now archive the mails when read and followed up. HoweverAllocate emails to user in a shared mailbox
Hi, This might be obvious, but I cannot find the answer. I have 3 shared mailboxes so any team member can see the emails. Is there a way of allocating a specific email to a user so that it is their responsibility to deal with it? Thanks in advance.How to view shared mailbox in Outlook
How to view shared mailbox in Outlook or in another softwareSearch mails in shared mailbox
Hi everyone, is there a way to search mails in shared mailbox's? Search in streams or mail doesn't return anything from mails in shared mailboxes. Thanks! RafalHow to send binary data in invokeurl task?
Hello, I am using Adobe's Protect PDF API. Source: https://developer.adobe.com/document-services/docs/overview/pdf-services-api/ Everything works fine in Postman. But for some reason after encrypting the file, it is empty after password protecting theCustomising the approval email
Is there anyway to customise the Approval email or to add further fields as the default looks so basic and unlike any of the other email notifications from Desk. My users just thought it was spam.Pushing GCLID info from Gravity Forms to ZohoCRM
We are switching to Gravity Forms from Zoho Forms and I cannot find any good info on how to make sure my GCLID tracking info is pushed through to the CRM through my new forms. There was an article in the documentation about placing something within theIssue Configuring SSO Integration with Cognito in Zoho Help Center
Dear Zoho Support Team, We have been working on configuring SSO integration for our Zoho Help Center using Amazon Cognito. While the setup appears to be completed successfully, we are encountering an issue when attempting to access the Help Center. TheNeed manual aggregate column pathing help
See linked video here: https://workdrive.zohoexternal.com/external/a5bef0f0889c18a02f722e59399979c604ce0660a1caf50b5fdc61d92166b3e7Add blueprint buttons to listview and kanban
Hello, just started to use the Blueprints feature - really useful. I have one suggestion to help this work even better - can there be transition buttons that appear on the top of listview & Kanban? Maybe an option as well - "Blueprint transitions appearMerging contacts does fail because of help center membership
I'm trying to merge two contact records (they are the same contact) where one of them is a member on the help center. The system warns me about this situation and then I de-activate this contact as an "End User" for the help center. Right now the systemDuplicate Contacts - how to get merge or delete
I have noticed that our list of contacts in Zoho Desk duplicates contacts periodically. I have yet to identify when or why. How do I merge or delete them? I see there is a "Deduplicate" but I am unable to find anything that explains this feature.Admin Access to Direct Messages in Zoho Cliq
Hi Zoho Cliq Team, We would like to request a feature enhancement to enable admin access to one-on-one conversations (direct messages) conducted through Zoho Cliq. Use Case: As administrators, there are situations where it becomes essential to access"Mark as Spam" not working as expected
Dear support, in the below scenario, clicking on "Mark as spam" identifies only the first of the checked emails as spam, removes that email from the visible list and leaves the rest of the list still visible & unchecked. I've tried check-marking themMassive price increase for user licenses of Zoho Portal
This actually a complaint about this announcement: https://help.zoho.com/portal/en/community/topic/free-user-licenses-across-all-portal-user-types You present this as an enhancement. And, yes, while reading the main part, I'd agree that (for smaller companies),Next Page