Working with Security Features
Privacy and security are essential in IoT setups to safeguard the sensitive data collected from devices and assets. This document outlines a step-by-step procedure for configuring GDPR and other security features in the application, as well as for creating PII fields and datapoints.
Configuring GDPR Compliance Settings
To configure privacy and security settings,
1. Access the End Application.
2. Go to the Setup page.
3. Select Compliance Settings under Users & Controls. The GDPR Settings page is displayed.
4. Select Enable GDPR Compliance Settings to display the available options.
- Selecting Enable GDPR Compliance Settings typically involves activating features and configurations within a system or application to ensure adherence to the General Data Protection Regulation (GDPR).
5. Select the desired options under this section.
- Restrict Data Access Via API - Application level restriction is possible for accessing data from outside the application using APIs.
- Restrict Data Export - Application level restriction is possible for exporting any sensitive information. Once enabled, Personally Identifiable Information (PII) will not be able to export any sensitive information. This would include the device identification number, driver license number, financial information, etc.), and any custom fields created and marked as sensitive.
- Restrict Data Access Via Zoho Apps - Application level restriction is possible for accessing data from outside the application using Zoho Apps.
You can view PII Fields and Datapoints in this page. These fields and datapoints are created in the application with the PII data property enabled.
6. Click Save.
Creating PII Field
The Custom Fields feature in Zoho IOT allows you to add your own fields to the application. You can choose to encrypt and save any of these fields as Personally Identifiable Information (PII) field.
1. Access the Developer Application.
2. Select the model for which you would like to create a new custom field.
3. Click on the model name, and to go to the model's information page.
4. Click Configure in the Custom Fields template in the information page.
5. In the fields palette, select the field type and drag and drop in the right panel.
6. In the New Field form, select how you want to store your data based on its sensitivity under Security.
7. Select PII Data using the toggle button based on the information that you will be entering in this field.
- Select PII Data (Personally Identifiable Information) if the information that you will enter is confidential and can be used to identify a person. You can mark fields such as Device Identification number, Driver license number, etc. as PII. You can choose to encrypt and store the data.
- Select Sensitive or Non-Sensitive depending on the data.This classification is mostly used for segregation purposes.
8. Data Encryption: Select Encrypt Data if you want the information that you enter to be encrypted and stored. Only users with access to protected data can access the fields. Users cannot use this field to perform advanced searches and filters, and these fields are not displayed for selection while creating widgets in dashboards.
9. Enter the other values and click Save.
Note: You can mark a field as PII for all data types expect for lookup fields.
Creating PII Datapoint
The Datapoint creation feature in Zoho IOT allows you to add datapoints to the application. You can choose to encrypt and save any of these datapoint values as Personally Identifiable Information (PII).
1. Access the Developer Application.
2. Select the model for which you would like to create a new datapoint.
3. Click on the model name, and to go to the model's information page.
4. Click Configure in the Datapoints template in the information page.
5. Click Add Custom Datapoint, and provide the datapoint details in the resultant screen.
6. Select PII Data using the toggle button based on the information related to this datapoint.
- Select PII Data (Personally Identifiable Information) if the information that you will enter is confidential and can be used to identify a person. You can mark datapoints such as Device Identification number, Driver license number, etc. as PII. You can choose to encrypt and store the data.
- Select Sensitive or Non-Sensitive depending on the data.
Note: Encryption support is currently is not available for datapoints.
7. Enter the other values and click Save.
Note: You can mark a field as PII for all data types expect for lookup fields.
On enabling the data stored in personal fields will be restricted from being accessed from outside the application based on the Compliance settings.
Encrypt Export and Download
Encrypting data when exporting it to a PDF file is a crucial step in protecting sensitive information.
Encryption option is available in the following cases.
- Exporting Reports data to PDF or XLSX file.
Refer to the Exporting Reports section of the Working with Reports document for more details.
- Exporting Dashboard data to PDF or XLSX file
Refer to the Exporting Dashboards section of the Working with Dashboards document for more details.
See Also