Welcome to Portal

?Unknown\pull-down

Welcome to Zoho Cares

Bienvenido a Soporte de Zoho

Search our knowledge base, ask the community or submit a request.

Addressing Data Subject Requests

Before addressing Data Subject Requests (DSR) in the Zoho Desk, we need to understand the basic concept of the General Data Protection Regulation (GDPR) and its functions to know the importance of DSR in an organization.

General Data Protection Regulation

Regulators have created a legal framework called GDPR to deal with privacy. GDPR is a set of rules designed to provide EU residents with control over how companies across the world can use their personal data. Every organization needs to be well aware of the impact this will have on individuals and businesses dealing with EU residents' personal data.

GDPR only applies to organizations engaged in “professional or commercial activity” and not for any "personal or household activity." 

Availability
Permission Required
Users with the Administrator profile permission can access this feature.
Check Feature Availability and Limits

Following are some key terminologies associated with GDPR:
  1. Data Controller   - Someone who controls the purpose and means of processing personal data. The controller defines how the data should be put to use and why it should be used. Often, data controllers use an external service or another organization to process the data. This is where data processors come in. In this case, control over collected personal data remains with the data controller and is not passed on.
  1. Data Processor   - Organizations that process personal data on behalf of the controller are known as data processors. They do not have control over what is done with the data, nor can they change the purpose of data collection. Processors get limited rights to process the data as per the instructions provided by the controller.
  1. Data Subject   - The person whose personal information you collect is the data subject. In a business, data subjects tend to be your customers and employees. Personal information refers to any data that can be used to identify an individual, such as name, mobile number, email, residential address, or credit card number. This information is used by the organization to process and contact them for business.

Data Subject Rights in GDPR

The data subjects have the right to control who collects their data, how it is utilized, and for how long. The GDPR explicitly states certain rights for the data subjects in Articles 12 to 23 .

Rights
Meaning
The Right to Be Informed
Individuals have the right to be informed about the collection and use of their personal information.
The Right of Access
Gives Individuals the right to get a copy of their personal information.
The Right to Rectification Individuals have the right to correct inaccurate personal data as well as to complete incomplete personal data. 
The Right to Erasure
Gives individuals the right to ask firms to delete their personal data.
The Right to Restrict Processing
Gives individuals the right to confine the handling of their personal information in specific conditions.
The Right to Data Portability
Ensure individuals can obtain, copy, move, transfer and reuse their personal information across different services.
The Right to Object
Allows individuals to ask firms to stop processing personal information about them.
The Right to Avoid Automated Decision-Making
Individuals have the right to not to be dependent upon a decision based solely on automated processing.

Data Subject Requests in Zoho Desk 

Data Subject Requests (DSR) is a request from an individual to a data controller asking for modification or deletion of personal data held by a third party.

Zoho Desk provides a robust and scalable structure for safely processing your client's data. In Zoho Desk, you have the provision to address two types of requests based on these data subject rights:
  1. Right to Access - According to this right, data subjects can request a copy of their personal data. In Zoho Desk, you can register this request and send them a copy of the data from one or many modules. Data will be exported, and you can send it securely through your official email.
  1. Right to Erasure - According to this right, data subjects can raise a request asking the organization to delete their personal data. In Zoho Desk, you can take up this request and permanently delete the data from one or many modules.

Enable or Disable Data Subject Requests Access

Before processing the requests in Zoho Desk, first you need to collect the request from the data subjects. The requests from the data subjects can be collected either directly through a call or from a support ticket.

Once the request is collected from the data subjects, it can be either processed by an administrator or support agent. By default, the administrator has the privilege to process all the DSR requests, and support agents with the Agent profile have to contact the administrator to provide them access to perform this operation.

To enable/disable the DSR access to an agent
  1. Go to Setup > User Management > Profiles.
  2. Select the Agent profile.
  3. In the Administrative Permissions column, you can enable/disable the Manage Privacy Settings option accordingly.
These DSR requests are not department-specific, and thus the respective support agent or administrator can process the request irrespective of the department they belong to. 

Export data - Respond to the right to access data

If your clients reach out requesting a copy of their data, Zoho Desk provides you with the flexibility to meet their requests via the Export Data option within the product. You can collect the data from all or selected modules, export it, and share it with the requested customer.

To export an individual's data from Zoho Desk
  1. Click on Setup > Privacy and Security > Data Subject Requests.
  2. Click New Request.
  3. Select Request type as Export Data.
  4. Select the appropriate Module and fill in the Contact fields as per the client's request.
  5. You can also select and tag the Reference Ticket Id directly. (This is optional)
  6. Under the Record Details, choose one of the following:
    1. Specific Records - Specify the criteria to filter the records that you need.
    2. All Records - Choose to view all the records associated with the contact's email address that you provided.
  7. Click  Fetch Data.
    The list of records will be available to choose from.



  8. Select the records that you want to export and click Submit .
    The export is initiated and once it is ready, the data is available as a request entry from where you can export the CSV file.



  9. Click the Download icon (   ) to get the file.




You can send the data file to the data subject via a secure and preferably official email account using  Zoho Desk's outbound email feature.

Delete data - Respond to the right to erasure

If your clients reach out requesting deletion of their data, you can perform this operation via the Delete Data option within the Zoho Desk. Please note that the deletion is permanent, and there is no way to recover the deleted data.

To delete an individual's data in Zoho Desk
  1. Click on Setup > Privacy and Security > Data Subject Requests.
  2. Click New Request.
  3. Select Request Type as Delete Data.
  4. Select the appropriate Module and fill in the Contact fields as per the client's request.
  5. You can also select and tag the Reference Ticket Id directly. (This is optional)
  6. Under the Record Details, choose one of the following:
    1. Specific Records - Specify the criteria to filter the records that you need.
    2. All Records - Choose to view all the records associated with the contact's email address that you provided.
  7. Click Fetch Data.
    The list of records will be available to choose from.



  8. Select the records that you want to delete and click Submit



  9. Click Delete to confirm the permanent deletion of records.
    The deletion request gets initiated, and the selected record gets deleted permanently from the system after a while.



View the list of Requests

In addition to exporting and deleting users' data, Zoho Desk provides you with the flexibility to view a history of all data access requests executed in your firm, along with their status. An administrator or authorized support agent can view these requests at any time.

To view the completed or in progress DSR requests
  1. Click on Setup > Privacy and Security > Data Subject Requests.
  2. Select the Filter DSR Requests  ) icon in the top bar and specify the criteria for applying the filter.
  3. Click Filter.
    You can see the list of records based on the filter you applied.





Helpful?31
Updated: 4 months ago
Share :
Follow

Subscribe to receive notifications from this article.