Data Subject Rights

Data Subject Rights

As per GDPR Articles 12 to 23, individuals have specific rights concerning their personal data. Organizations must understand and meet these rights when individuals seek to exercise them.
  1. Right of access: Individuals have the right to ask the controller to confirm if their data is being used and to request access to their personal information.
  2. Right to rectification: Individuals have the right to make sure their personal data is accurate and up to date. They can ask for corrections or updates when needed.
  3. Right to erasure or be forgotten: Individuals have the right to request the deletion of their personal data from the controller's records without delay.
  4. Right to object and restriction of processing: Individuals have the right to say no to their data being used and can ask for limits on how it's used if they want.
  5. Right to data portability: Individuals have the right to receive their information in a structured, machine-readable format or to have their data transferred to another organization, if feasible.
  6. Right to be informed: Individuals have the right to know why and how their personal data is being used. They also have the right to know if their data is being shared with others. This is done by following the right legal rules for using data. If consent is needed, it's important to get it right.
  7. Right to be notified: In the event of a data breach, individuals must be notified within 72 hours of the controller becoming aware of the breach.

To enable data subject rights, the initial step is to activate GDPR compliance in your account. This regulatory framework ensures the protection of personal data and grants individuals rights over their data. To initiate this process, follow the steps mentioned in this help document on managing compliance. Once GDPR compliance is successfully enabled, a new feature becomes accessible within the contact's detail page, known as Data Privacy.

Upon accessing the Data Privacy section, you will have a set of options designed to facilitate data subject rights.

To add a data subject's request to your account, go to any Contact > Data Privacy > Data Subject Requests > + Request button. You can gather requests via email, through a call, or face-to-face.
                              

Request to  access data  (Right to access)

With the consent forms created, you can send emails in CSV format when data subjects request access to their information.

To send an email with the data subject's information:
  1. Open the user's record and click Data Privacy.
  2. Under the Data Subject Requests section, click + Request.
  3. In the New Request pop-up, select Request to access data.
  4. Click Save, and the request will be added to the record.
  5. Click Send email for the request to access data.
  6. In the email composer, compose an email or select the email template with which you want to send the email, and send the email.

You can view the email sent from the related list tab. You can also download the CSV file that you send from here.

You can close the request created once you are done. To close the request, click on Close Request. You can create a new request only after you close the existing request.

If you have sent the request by mistake, or if you need to revert the request, you can delete the request. Remember, you cannot delete the request once you close the request. To delete the request, click on Delete Request.

Request to rectify data  (Right to rectify)

You can send an email with a CSV file containing the data subject's information. They can then correct the information in the CSV file and send it back to you. Afterward, you can import it into your account to update the information. 

To send an email to rectify the data subject's data:

  1. Open the user's record and click Data Privacy.
  2. Under the Data Subject Requests section, click + Request.
  3. In the New Request pop-up, select Request to rectify data.
  4. Click Save, and the request will be added to the record.
  5. Click Send email for the request to rectify data.
  6. In the email composer, select the email template with which you want to send the email, and send the email.

Similar to request access data, you can view the email sent from the related list tab. You can also download the CSV file that you send from here. You can also close the request and delete the request. 

Request to export data  (Right to portability)

You can export data subject information in a machine-readable CSV format, attach it to an email, and send it, all without downloading it onto the Controller's device.

To send a copy of the data subject's data:

  1. Open the user's record and click Data Privacy.
  2. Under the Data Subject Requests section, click + Request.
  3. In the New Request pop-up, select Request to export data.
  4. Click Save, and the request will be added to the record.
  5. Click Send email for the request to export data.
  6. In the email composer, select the email template with which you want to send the email, and send the email.

Similar to request access data, you can view the email sent from the related list tab. You can also download the CSV file that you send from here. You can close the request and delete the request, too.

Request to stop processing data (Right to stop processing)

Once they exercise this right, you can halt the processing of the data subject's information in Bigin. You can also lock the data subject's information, halting any further processing. When a record is locked, all its details are also restricted from further use or processing within Bigin. For example, you cannot send emails, edit the record, make calls, and so on.

To lock the record:
  1. Open the user's record and click Data Privacy.
  2. Under the Data Subject Requests section, click + Request.
  3. In the New Request pop-up, select Request to stop processing data.
  4. Click Save, and the request will be added to the record.
  5. Click Lock for the Request to stop processing data.
  6. The record will be locked, and you cannot perform any actions for the record, as mentioned earlier.

  7. You can unlock the record when a contact requests you to do so. To unlock the record, click Unlock. Once it is unlocked, you can edit the records, make calls, and send emails.

Request to delete data (Right to be forgotten)

Once requested, the data subject's information can be locked in Bigin for the retention period set in the Data Controller's terms of service. During this time, the data won't be processed. Afterward, the controller can choose to delete the data subject's info. When deleted, the email address will be added to a block list, stopping re-entry through import or synchronization.

Note:
  1. You need valid permission to put a record on the block list.
  2. When a record is on the block list, all records with the same email address are deleted.
To lock and block-list the record:
  1. Open the user's record and click Data Privacy.
  2. Under the Data Subject Requests section, click + Request.
  3. In the New Request pop-up, select Request to delete data.
  4. Click Save, and the request will be added to the record.
  5. Click Lock for the Request to stop processing data.
  6. Click the Move to block list button to remove it from your account.
  7. In the Blocklist Record pop-up, select Move to block list; the record will be removed, and the email address will be added to the block list.

  8. Nonetheless, you can manually add a record with the same email address if needed; you will be warned with a notification.

Lawful basis of data processing   

GDPR defines six lawful basis for processing personal data. To activate Data Processing Basis, go to Contacts > Any record > Data Privacy > Data Processing Basis > Enable > Choose the Data Processing Basis.

You can edit your basis any time you want by just clicking on the Edit button.

Here are each of them in detail.
  1. Legitimate interests: Processing personal data is allowed when it's needed for the controller's or a third party's legitimate interests, unless it goes against the rights and freedoms of the individual.
    1. Example: An organization may process customer data for direct marketing purposes if it can demonstrate a legitimate interest, such as promoting relevant products or services to existing customers. Similarly, employers may process employee personal data for administrative purposes, such as payroll processing or performance management, as long as it's done in a way that respects the rights and freedoms of the employees.
  2. Contract: Personal data can be processed if it's necessary for fulfilling a contract with the individual or for taking steps at their request before entering into a contract.
    1. Example: When someone purchases a product online, their personal data, such as name, address, and payment information are necessary for the organization to fulfill the order.
  3. Legal obligation: Processing personal data when it's required to comply with the law.
    1. Example: Businesses may need to process personal data for tax purposes or to comply with employment laws, such as providing employee salary details to tax authorities.
  4. Vital interests: Personal data can be processed when it's necessary to protect someone's life.
    1. Example: During a medical emergency, healthcare providers may need to access and process a patient's medical records to provide life-saving treatment.
  5. Public interests: Processing personal data is permitted when it's in the public interest or for official functions performed by public authorities.
    1. Example: Government agencies may collect and process personal data for statistical purposes, public health surveillance, or national security.
Note:
  1. For the above-mentioned data processing basis, you can add Consent remarks, if required.
  1. Consent: This is when individuals give clear permission for their personal data to be used for specific purposes. It requires an affirmative action from the individual, such as ticking a box or signing a form.
    1. Example: If a user subscribes to a newsletter by providing their email address and ticking a consent box, they are allowing the organization to send them marketing emails.
In Bigin, there are two ways to obtain consent from data subjects.
  1. Consent Form: In Bigin, you can personalize consent forms with fields for communication preferences and consent statements. To create a consent statement, go to Settings > User and Controls > Compliance > Consent Form > Customize > Consent Statement.

    These forms can be shared via email templates, allowing you to request consent from individuals. Additionally, you have the option to send individual emails from a record or send mass emails to a list of records.

  2. Manual Update: If you obtain consent during a phone call or face-to-face meeting, you can manually update the consent status in the Data Privacy section of a record.

Based on the customer response, the status of the consent request is processed; the stages involved here are as mentioned below.
  1. Pending: When a consent request hasn't been sent to data subjects.
  2. Waiting: After sending the consent form, while awaiting a response.
  3. Obtained: When consent is received from the data subject.
  4. Not responded: When consent isn't received within the defined waiting period in Consent Settings.


    Zoho CRM Training Programs

    Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

    Zoho CRM Training
      Redefine the way you work
      with Zoho Workplace

        Zoho DataPrep Personalized Demo

        If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

        Zoho CRM Training

          Create, share, and deliver

          beautiful slides from anywhere.

          Get Started Now


            Zoho Sign now offers specialized one-on-one training for both administrators and developers.

            BOOK A SESSION









                                      You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.




                                          Manage your brands on social media

                                            Zoho Desk Resources

                                            • Desk Community Learning Series


                                            • Digest


                                            • Functions


                                            • Meetups


                                            • Kbase


                                            • Resources


                                            • Glossary


                                            • Desk Marketplace


                                            • MVP Corner


                                            • Word of the Day


                                              Zoho Marketing Automation

                                                Zoho Sheet Resources

                                                 

                                                    Zoho Forms Resources


                                                      Secure your business
                                                      communication with Zoho Mail


                                                      Mail on the move with
                                                      Zoho Mail mobile application

                                                        Stay on top of your schedule
                                                        at all times


                                                        Carry your calendar with you
                                                        Anytime, anywhere




                                                              Zoho Sign Resources

                                                                Sign, Paperless!

                                                                Sign and send business documents on the go!

                                                                Get Started Now




                                                                        Zoho TeamInbox Resources



                                                                                Zoho DataPrep Resources



                                                                                  Zoho DataPrep Demo

                                                                                  Get a personalized demo or POC

                                                                                  REGISTER NOW


                                                                                    Design. Discuss. Deliver.

                                                                                    Create visually engaging stories with Zoho Show.

                                                                                    Get Started Now









                                                                                                        • Related Articles

                                                                                                        • Manage your Data

                                                                                                          All businesses rely on data, so your administrators need to be able to control how data is managed in Bigin. Import History This section displays a consolidated list of all the data that has been imported to any module in your Bigin account. Import ...
                                                                                                        • Can I set up a recurring data backup for my Bigin account?

                                                                                                          Bigin does not have a recurring data backup option yet. However, you can purchase a one-time data backup at $5/unit at frequent intervals. The backup will include the records in a module, related records and the attachments.   To download the data ...
                                                                                                        • Stay GDPR compliant with Bigin

                                                                                                          What is GDPR? General Data Protection and Regulation defines new set of rules on how to collect and handle personal information of EU citizens.  Who does this law apply to? A company, established in EU, that processes personal data of individuals ...
                                                                                                        • Forms: Streamline data collection from your customers

                                                                                                          The form builder in Bigin is an excellent tool for real estate businesses to capture a wide range of details from potential customers. Zylker Homes can create custom forms for property enquiries, rental applications, feedback, and more. With ...
                                                                                                        • Data Backup

                                                                                                          Using Data Backup, you can back up all the data in your Bigin account, instantly. Once the backup is ready for download, you will receive a pop-up notification and an email. Users with the paid edition of Bigin will have two free backups per month. ...
                                                                                                          Wherever you are is as good as
                                                                                                          your workplace

                                                                                                            Resources

                                                                                                            Videos

                                                                                                            Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.



                                                                                                            eBooks

                                                                                                            Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.



                                                                                                            Webinars

                                                                                                            Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.



                                                                                                            CRM Tips

                                                                                                            Make the most of Zoho CRM with these useful tips.



                                                                                                              Zoho Show Resources