This page will help you to learn what GDPR is and how Zoho CRM Plus is GDPR compliant. We'll walk you through some of the key requirements we have implemented to safeguard and protect customer data in Zoho CRM Plus.
The General Data Protection Regulation (GDPR) is a law enforced by the European Union that seeks to protect the personal data of all individuals within the EU. The law enables citizens and residents of the EU to have control over their personal data. The law comes into effect on May 25, 2018.
GDPR applies to all organizations that collect data from European residents, or that process the data on behalf of an organization or for an individual based in the EU. The regulation also applies to organizations outside the EU that collect and process personal data of individuals inside the EU.
In this section, you will learn some key GDPR requirements implemented in Zoho CRM Plus applications that will help you to process data on a lawful basis, implement data protection rights of customers through data subject rights, handle personal data and security breaches, and safeguard privacy by implementing data protection principles through appropriate technical and organizational measures.
GDPR defines six lawful bases for processing your customers' personal data. It's important that you understand and use them appropriately in the respective applications of Zoho CRM Plus based on your business needs.
Consent - With Zoho CRM Plus, you have the right consent mechanism in place in the respective applications to ensure you have a lawful basis for your data processing activities. If your organization is handling customer data, you need to obtain consent from the customer before you process their personal data. The consent can be through written statements, by electronic means, or by clear affirmative actions that indicate the customer's acceptance for processing the personal data. You'll find consent management implemented in CRM, SalesIQ, Campaigns, Projects, Social, Survey, and Analytics.
Contract - Zoho CRM Plus enables you to handle contracts in respective applications to ensure you understand the obligations, responsibilities, and liabilities to comply with GDPR guidelines. A written contract is essential when you are processing customers' personal data. You'll find contract used as a lawful basis for processing data in CRM, Desk, and Social.
Legal Obligation - Zoho CRM Plus helps you handle all legal obligations involved in processing your customers' personal data in the respective applications to ensure you comply with the law. Legal obligation as a lawful basis for processing data is implemented in CRM and Survey.
Vital Interests - You can process personal data to protect someone's life during emergencies. For example, when people are admitted to the hospital with life-threatening injuries or epidemic diseases, you may need to disclose their medical history to save their lives. Personal data of individuals can also be collected during natural disasters. You can protect the vital interests of your data subjects on a lawful basis in CRM.
Public Tasks - Processing of personal data is allowed when specific tasks have to be carried out in the public interest. For example, you can process personal data for statistical purposes, for conducting surveys, or for some scientific research. You can also process personal data for carrying out certain statutory, governmental, or parliamentary functions. The need for performing the task in the public interest must be documented, and you need to identify the relevant tasks and mention their purpose on a lawful basis in your privacy notice. We have included public tasks as a lawful basis for processing personal data in CRM.
Legitimate Interests - Zoho CRM Plus handles the processing of data on a lawful basis grounded in legitimate interests in the respective applications. For example, you may process clients' data for direct marketing purposes based on legitimate interests. Zoho CRM Plus enables you to process data based on legitimate interests in CRM, Campaigns, Desk, Projects, Social, Survey, and Analytics.
The table below lists the six legal grounds for processing personal data on lawful bases implemented in the applications of Zoho CRM Plus.
Processing Data on Lawful Bases:
Zoho CRM Plus Applications | Consent | Contract | Legal Obligation | Vital Interests | Public Tasks | Legitimate Interests |
CRM | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
SalesIQ | ✓ | - | - | - | - | - |
Campaigns | ✓ | - | - | - | - | ✓ |
Desk | - | ✓ | - | - | - | ✓ |
Projects | ✓ | ✓ | ✓ | - | - | ✓ |
Social | ✓ | ✓ | - | - | - | ✓ |
Survey | ✓ | - | ✓ | - | - | ✓ |
Analytics | ✓ | - | - | - | - | ✓ |
Note: To learn how lawful bases for processing data are handled in the applications of Zoho CRM Plus, refer to the GDPR Help available in the respective applications.
One of the key requirements laid down by GDPR is the data subject's rights. GDPR empowers individuals with certain rights to ensure their personal data is protected and their privacy is maintained. This section will help you understand some of the data subject rights that Zoho CRM Plus has implemented to protect personal data and ensure data privacy of its customers.
Right to Information - Zoho CRM Plus helps you provide details to your customers about where their data is being processed and the purpose for which the data is shared and processed in the respective applications. For example, when you collect customers' email addresses, you need to inform them of the purpose for which their email address will be used. You'll find right to information implemented in CRM, SalesIQ, Campaigns, Desk, Projects, and Survey.
Right to Access Data - In Zoho CRM Plus, customers can view, export, and obtain copies of their data that is being controlled and processed in the respective applications. They can place the request verbally or in writing. For example, customers can request personal data from medical records or from libraries to know when they have to renew their membership. We've implemented right to access data in CRM, Desk, Projects, and Survey.
Right to be Forgotten/Right to Erasure - Customers may sometimes request that you delete their data on personal grounds. For example, if customers do not wish to avail services from a particular bank in which they maintain an account, they can close their account, and place a request to the bank to erase their data. Customers may also withdraw consent if they object to having their data processed or when they believe their data is being processed unlawfully. Zoho CRM Plus enables you to delete the personal data of your customers in CRM, Campaigns, Desk, Projects, Social, Survey, and Analytics when it is no longer required for processing.
Data Portability - Zoho CRM Plus enables you to handle data in a safe and secure manner in the respective applications, in a machine-readable electronic format, when customers request to move, copy, or transfer the data. For example, a customer may request that the bank send the current account balance details, or request a copy of legal documents submitted to them. You'll find data portability implemented in CRM, Campaigns, Desk, Projects, Social, Survey, and Analytics.
Right to Object and Restriction of Processing - Customers can object to the processing of their personal data when it is used for direct marketing purposes, or when a task is carried out in the public interest, for exercising official authority, or for legitimate interests. They can make the request verbally or in writing.
Individuals can also restrict processing of personal data and limit the way the organization uses their data if they find the data is inaccurate or is unlawfully processed. Additionally, if the individual does not wish to erase the data but wants to restrict processing of the data instead, they can request this verbally or in writing. In Zoho CRM Plus, the right to object and the right to restriction of processing are implemented in CRM, Desk, and Projects.
Right to Rectification - Customers or individuals can request rectification of their data when the data is inaccurate or incomplete. For example, customers can place a request to the bank to update their current address or phone number, if they have moved to a different country, state, or city. We have implemented the right to rectification in CRM, Desk, Projects, and Survey in Zoho CRM Plus.
The following table provides details of data subject rights implemented in the applications of Zoho CRM Plus.
Data Subject Rights:
Zoho CRM Plus Applications | Right to Information/ Right to be Informed | Right to Access Data | Right to be Forgotten/ Right to Erasure | Right to Object and Restriction of Processing | Right to Rectification | Data Portability |
CRM | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
SalesIQ | ✓ | - | - | - | - | - |
Campaigns | ✓ | - | ✓ | - | - | ✓ |
Desk | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Projects | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Social | - | - | ✓ | - | - | ✓ |
Survey | ✓ | ✓ | ✓ | - | ✓ | ✓ |
Analytics | - | - | ✓ | - | - | ✓ |
Note: To learn more about data subject rights implemented in the applications of Zoho CRM Plus, refer to the GDPR Help available in the respective applications.
Zoho CRM Plus helps you handle data privacy effectively. It ensures that any personal information related to customers or individuals is gathered legally and their data is collected, managed, and protected from misuse and exploitation. It also enables individuals or organizations to determine the type of data they can share or restrict. We have implemented data privacy in CRM, SalesIQ, Campaigns, Desk, Projects, Social, Survey, and Analytics.
Zoho CRM Plus helps you to effectively handle data and security breaches in the respective applications by establishing appropriate measures. When there is a personal data or security breach, Zoho CRM Plus will notify the respective authority no later than 72 hours after the occurrence of the incident. The customers will also be notified about the breach if it is likely to affect their data privacy. Details about the data breach and the remedial actions to be taken for protecting their data will be communicated. In Zoho CRM Plus, you'll find data breach notification implemented in Desk and Projects.
Zoho CRM Plus enables you to effectively implement appropriate data protection and privacy measures by default in the respective applications from the early stages of design and development of the applications where the data will be processed. Default privacy settings will be implemented in the relevant applications to protect and safeguard data security and privacy. You'll find privacy by design and privacy by default implemented in SalesIQ, Desk, and Survey.
The table below lists the applications in which data privacy, data breach notification, and privacy by design and default are implemented in Zoho CRM Plus.
Zoho CRM Plus Applications | Data Privacy | Data Breach Notification | Privacy by Design and Default |
CRM | ✓ | - | - |
SalesIQ | ✓ | - | ✓ |
Campaigns | ✓ | - | - |
Desk | ✓ | ✓ | ✓ |
Projects | ✓ | ✓ | - |
Social | ✓ | - | - |
Survey | ✓ | - | ✓ |
Analytics | ✓ | - | - |
Learn more about Zoho's GDPR Readiness.