GDPR and Zoho Creator
This article covers what EU's GDPR is about, as well as the features and capabilities of Zoho Creator that can help you build GDPR compliant custom apps.
Note: The content presented in this page is not to be construed as legal advice. Please contact your legal counsel to learn how GDPR impacts your organization and what you need to do to comply with GDPR.What is GDPR?
The European Union (EU)'s General Data Protection Regulation (GDPR) is a new regulation that comes into effect on the 25th of May, 2018. It aims to harmonize the data privacy laws across the EU, and (in particular) protect the rights of residents of the EU with regard to the processing of their personal data. It recognizes the data privacy rights of EU residents, and lays down rules relating to the processing of their personal data.
At its core, the GDPR aims to give EU residents full control over their personal data.
What is personal data?
In the context of GDPR, personal data is any data that can directly or indirectly help identify a natural person. This includes, but is not limited to: name, address, phone number, email address, IP address, traveling habits, and photos.
When and where does GDPR come into play?
GDPR applies for any activity that collects or processes the personal data of EU residents. It does not matter if the said activity takes place inside the EU or not. GDPR has a global reach.
Why be GDPR compliant?
EU's GDPR comes into effect on the 25th of May, 2018. It is legally binding. The concerned Supervisory Authority (as defined by GDPR), may fine the non-compliant person or organization up to 20 million Euros or 4% of their annual worldwide turnover from the preceding year, whichever is higher. Levying a fine is in place for two reasons:
- A deterrent, so that Data Controllers and Data Processors act responsibly, and adhere to GDPR's guidelines
- A compensation for the persons who have suffered material or non-material damage as a result of an infringement of GDPR
Key roles that GDPR identifies
- Data Subject: A resident of the EU from whom, or about whom, data is collected and/or processed
- Data Controller: The person or organization that defines the purpose and means of collecting and processing data
- Data Processor: The person or organization that processes the collected data on behalf of the Data Controller
In this context, the following two scenarios come into play:
- When you sign up with Zoho and subscribe to Zoho Creator:
- You act as the Data Subject
- Zoho acts as the Data Controller
- When you use Zoho Creator to build an app:
- The natural persons that you collect data about (the users that you share your app with, for instance) act as the Data Subjects for that app
- You act as the Data Controller for all the apps in your workspace
- Zoho acts as the Data Processor
Zoho Creator's GDPR readiness
Addressing rights of Data Subjects
The following are the Data Subject Rights that GDPR identifies, and how Zoho Creator helps you address them in your apps:
- The Data Subject has a right to be informed on how their personal data was, is, and will be processed. By adding an add notes field to your form (next to the fields in which you're collecting their personal data), you can explain why you need said data, what you will be using it for, and how it will be processed. You can also insert a hyperlink (in the note) to your organization's privacy policy.
- Right to access, right to erasure, and right to be forgotten: You need to forward the requests you receive from your users to support@zohocreator.com. Our Support team will analyze the request and guide you on how to act on it.
- With their right to access, the Data Subject can demand Data Controllers to furnish the following: the personal data (of the Data Subject) that was collected and processed, how it was obtained, how it is processed, and to whom it was shared with — all the details from point of collection to point of storage
- With their right to erasure, the Data Subject can demand that Data Controllers erase all their personal data
- With their right to be forgotten, the Data Subject can demand for their data to be completely erased
- Right to rectify: Users can edit their records by accessing the respective reports
- The Data Subject has a right to obtain from the Data Controllers, without undue delay, the rectification of inaccurate personal data concerning them, and also complete any incomplete data point.
- Use separate decision box fields to capture the Data Subject's consent to process their personal data, and define your workflows such that these permissions are checked for before they are processed. To give or take away their permission, the Data Subject can simply update the relevant decision box field accordingly.
- Right to data portability: Data submitted by your users can be exported as spreadsheets and PDFs
- The Data Subject has a right to receive all their personal data, submitted to the Data Controller. To do this, users can simply export their records from reports
Implement some best practices
You can leverage the features and capabilities of Zoho Creator to implement the following in your apps:
- Denote fields that contain personal data: The Contains personal data field property helps you define if the concerned field is one in which your users will be entering some personal data.
- Encrypt data: Upon enabling this field property, the data your users enter in that field will be stored in an encrypted format. Lean more
- Capture location: Forms in your Zoho Creator app can, with your user's consent, capture the geographical location from where they submit their entries. Learn more
- Capture IP address: Forms in your Zoho Creator app can capture the public IP address using which your users submit their entries. Learn more
- Getting consent: Data Subjects have a right to be informed on why your app, or a form in your app, is collecting data, and how it will be processed. Also, as a Data Controller, you may need to show if your users gave their consent for this. Here's how you do it:
- If consent is required along with the data a form is already collecting, then add an add notes field (which will display information on why you need to collect certain data points, and how you will process them), and a decision box field (marked mandatory) that lets your users give their consent
- If consent is required on the app level, add a new form and use the combination of add notes and decision box fields as given above
- To let your users know what they consented to, you can send them an email saying they've given their consent (and copy-paste the add notes field's content in the email's message)
- Provision a double opt-in mechanism for your form or app: Double opt-in is a widely used mechanism to get the intended audience to confirm before proceeding. You can put in place a double opt-in before you let your users access any form in your app. Here's how you do it:
- Add a new form to your app, which contains an add notes field (where you can add whatever information you want your users to know), an email field (to which you'll send an email) and a decision box field (to capture if user yours consent to receiving an email)
- The email you send on form submission must contain the link to your intended form
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Zoho Creator Product Catalog
Overview Zoho Creator is a powerful low-code platform that enables anyone to build resourceful enterprise-grade applications quickly with minimal programming knowledge. With Zoho Creator you can build, deploy, and manage workplace tools for your ...Introduction to Zoho Creator Procurement
Procurement is a constructive method used to streamline an organization’s procurement process in and out to achieve desired results while saving money, managing time, and establishing collaborative supplier relationships. The purpose of procurement ...Autopopulate Zoho Creator field with Zoho People data
Requirement Autopopulate Zoho Creator field with employee information stored in Zoho People. Use case Let's assume an organization named Zylker has a private library. The regular users must purchase a membership in order to access the library, ...Zoho Creator URL Patterns
Overview This document lists the urls of various Zoho Creator application components like forms, views, PDF report etc. The knowledge about the url of the applications will help in providing quick access to the application and its forms, views and ...Domains in Zoho Creator
1. What Does This Page Cover? Learn how adding verified domains can help you simplify the user onboarding process, create group aliases for email communication, and host your mailbox with Zoho Mail. This is one of the features offered in Zoho Creator ...
New to Zoho LandingPage?
Zoho LandingPage Resources