GDPR
Can data subject rights be raised through Portals?
Yes, the data subject can raise a request for their data rights through Portals.
Can the data subject use Portals to update his/her consent?
Yes, the data subject can update his/her consent through Portals.
Can I add a record that has been previously blocklisted back into CRM?
Yes, a record which has been previously blocklisted can be added again as a new record in CRM. Before you add the record, you will receive an alert saying it was previously blocklisted.
What is waiting period?
It is the amount of time you would like to wait, for a response to your consent email. The organization can set this waiting period. Once this waiting period is exceeded, all processing activities related to the record will be stopped.
Where can I update the data processing basis?
You can update the data processing basis for customers in the record details page. To do this, click on the Data Privacy tab, select or edit the data processing basis. The third way is through the consent overview dashboard. Go to Setup > Compliance ...
How can I restrict personal data from being shared?
To restrict personal data from being shared: Go to Setup > Users and Control > Compliance Settings. Click on the Preferences tab. Under Personal Data Handling, select where you would like to restrict the data transfer (Zoho Apps, third-party apps, ...
Can I restrict personal data from being accessed outside Zoho CRM?
Yes, you can restrict the data subject's personal data from being accessed outside Zoho CRM. Once you've marked the data as personal and sensitive, you can: Restrict data transfer to Zoho Apps/Integrations. Restrict data access through APIs. Restrict ...
I am using Zoho CRM, Survey and Campaigns. I have created a consent form, but cannot see alerts when a customer has already consented. Will I also receive notifications when the data is pushed into Campaigns from Zoho CRM?
The moment you get consent from your customers through the consent form in Zoho Campaigns, the data processing status changes to Consented. You can view all the contacts who have given consent by clicking on Subscribers > Manage Consent > Expressed. ...
We are based in the US and have and have clients from both the USA and Canada. Will GDPR have any impact on us?
GDPR applies in those scenarios when: Your organization processes personal data of data subjects who are in the EU, irrespective of the company's location. Your organization offers goods/services to data subjects in the EU. Your organization monitors ...
How do I enable double opt-in for my web form?
To enable double opt-in: Go to Setup > Developer Space > Webforms > Create Web Form. Drag and drop the fields that you want in your web form. Click Next Step. In the Form Details page, enter the relevant form details. Select the Enable Double ...
Can the fields in subforms also be marked as personal?
Yes, you can also mark those fields which are supported for processing in subforms as personal.
Once I've marked my data as personal, how will it affect data processing?
When you mark your data as personal, the data will be restricted from activities like exports, APIs and other connected services of Zoho CRM (Books, Finance, Campaigns etc).
How can I mark my data as personal?
To mark your data as personal: Go to Setup > Customization > Modules and Fields Hover your mouse pointer over the module that has the data subjects' personal information. Click Manage Personal Fields from the drop-down list. In the Manage Personal ...
Which field types can be marked as personal?
All fields, with the exception of the lookup, user lookup, formula and auto number fields can be marked as personal.
How many fields can I mark as personal?
You can mark a maximum of 30 fields in each module as personal.
Can I mark my data as personal?
Yes, you can mark your data as personal. Once you do that, you can additionally choose which fields you want to mark as normal and which fields you want to mark as sensitive.
My data currently resides in the US data center. How can I migrate this data to the EU data center?
If you need to migrate your data to the EU DC, you can send an email to migrations@zohoaccounts.com mentioning all the services you are using. This email will be forwarded to the relevant product teams, who will help you with migration. The ability ...
Where can I find additional resources on GDPR?
Here are some links for additional reading on GDPR: Find your supervisory authority- http://gdprandyou.ie/resources The EU Data Protection Supervisor- https://edps.europa.eu/ The EU GDPR Website- https://www.eugdpr.org/eugdpr.org.html Rules for ...
How often can I review the lawful basis of processing data?
As the data controller, you should periodically review the lawful basis under which you processed customers' data. This is because the lawful basis under which you initially processed personal data and the purpose of data collection can change over ...
Who can access the compliance settings in Zoho CRM?
Those having the Administrator profile can access the compliance settings in Zoho CRM.
Can data subjects edit or delete their own data before giving consent to the data controllers?
Yes, data subjects can edit and update their personal data before they give consent, through the Right to Rectify (Article 16) and the Right to Erasure (Article 17).
Can I filter leads and contacts based on their data processing basis?
Yes, you can filter leads and contacts based on their data processing basis.
How can the data controller classify fields in Zoho CRM?
The data controller has the option to mark the user's fields as personal and sensitive in Zoho CRM. The controller can also decide to restrict these fields from activities like exports, APIs, and other connected services of Zoho CRM (Books, Finance, ...
What happens to the data if a customer doesn't respond to a consent email within a certain time period?
If the customer doesn't respond to a consent email, the data controllers can decide how long they want to wait for a response. Once it exceeds that time period, the status will be Not Responded and the data will not be processed.
Is double opt-in mandatory for data processing?
No, double opt-in is not mandatory for data processing. However, a double opt-in is recommended to ensure that the customers are authentic, and genuinely interested in the product. Under double opt-in, customers will receive an additional email to ...
How can the data controller keep track of the various processing activities that have taken place in Zoho CRM?
The data controller can go to the existing Timeline view and track the updates and changes made to the data processing activities in Zoho CRM.
Can data subjects request that their data be removed or deleted from Zoho CRM?
Data subjects can use the Right To Erasure (or Right to be Forgotten- Article 17), to request that their personal data be deleted or removed from Zoho CRM. As a data controller, you will have to delete the data if the customer ask for it, unless you ...
I have turned compliance off. How will this affect the existing data process of my records?
When you go to the compliance settings and turn compliance off, the processing activities that you had previously done with the data subject's data will become ineffective, and the data will be processed without applying any data processing basis.
Can I use the encrypted field in a webform?
Yes, you can use an encrypted field in a webform.
Is encryption of data mandatory under GDPR?
No, GDPR doesn't mandate the encryption of customers' data. However, Zoho CRM allows you to encrypt fields manually in the Field Properties page.
My business isn't based in the EU. I don't have customers from the EU either. Do I still need to comply with GDPR?
GDPR is not mandatory if you neither have a business in the EU nor deal with EU residents. However, if you want to ensure better security and privacy of customers' data, it is recommended to have GDPR compliance turned on. You can do this by clicking ...
What will happen if organizations don't comply with GDPR?
Organizations can be fined upto 4% of their annual global turnover, or 20 million euros (whichever is higher), for the most serious data breaches or infringements, including not having sufficient customer consent to process data or violating the core ...
What are the different ways through which you can obtain consent from the customer?
You can obtain the customer's consent either through an email (manual email or a consent form attached to an email), through Portals, or orally through phone calls.
What rights will data subjects have under GDPR in Zoho CRM?
Data subjects will have five out of eight fundamental rights under GDPR in Zoho CRM: The Right To Access- Customers have the right to know exactly what information is held about them and how it is processed. (GDPR Article 15). The Right to ...
How does Zoho CRM help in your compliance journey?
These are the ways through which Zoho CRM helps you with GDPR compliance. Data source tracking- Zoho CRM records the source of the data (direct sources like web forms and indirect sources like the UI, imports, APIs and other third-party ...
What will happen to my existing data in Zoho CRM after GDPR takes effect?
After GDPR takes effect on May 25, all existing records in your Zoho CRM account will need to be marked under the appropriate lawful processing basis. You can do this through: The Overview Page List View of the relevant module Individual records
How can GDPR be enabled for existing customers?
You can enable GDPR for existing customers by clicking Setup > Users and Control > Compliance Settings, turning compliance settings on, and selecting those modules for which compliance will be applicable.
Who/what is a DPO?
A Data Protection Officer (DPO) assists you to monitor internal compliance, informs and advises you on your data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs), and acts as a contact point between data ...
What is LIA?
LIA stands for Legitimate Interests Assessment. It specifies the reason an organization wants to process a customer's personal data. The organization must also conduct an LIA to show that the processing is necessary. An LIA is split into three steps: ...
What are the lawful bases the data controller can use to process customer data?
The data controller can choose from six data processing bases. These are: 1. Contract- This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request ...
Next page