What Is GDPR and Why Does It Matter?

Businesses that collect, stores, or processes personal data of EU residents like a name, email address or even phone number, businesses are legally obliged to comply with the EU's GDPR. To to avoid penalties and to build trust with your customers by being transparent about how you handle their personal data, GDPR compliance is a must. Regardless of whether you operate in the EU, any interaction you engage with EU residents in any way requires a proper GDPR compliance.

Why Is It Crucial to Have a GDPR-Compliant Cloud Telephony?   

As a GDPR-compliant cloud telephony system, Zoho Voice ensures that:

• Only necessary personal data is collected and stored lawfully, fairly, securely, and transparently.

• All call logs and messaging records are managed securely, with access controls in place.

• Customers can access, update, or request the deletion of their data.

• All usage and access logs are maintained as required by law.

How Does Zoho Voice Support You?   

Security Certification   

• ISO 27001 – Information Security Management System (ISMS)
  
• ISO 27017 – Cloud Service Security Controls
• ISO 27018 – Protection of Personally Identifiable Information (PII) in Public Clouds
• ISO 27701 – Privacy Information Management System (PIMS)
• SOC 2 Type II – Trust Services Criteria: Security, Availability, and Confidentiality
• ISO 9001 – Quality Management System
  

In addition, Zoho Voice is ENS certified (medium level) and fully GDPR-compliant, ensuring strong data privacy and protection for all users.

Learn more about the security and compliance standards Zoho Voice follows.

Data Hosting and Migration   

Our secure data centers are located in the EU and US. Regardless of where your account was created, your data can be migrated to data centers in the EU upon request. To minimize the impact on your business, this process will be carried out with no anticipated downtime.

Data Encryption   

Once inside Zoho Voice, sensitive data is protected from unauthorized access, disclosure, or modification. We employ encryption protocols and security methods to ensure this.

Disclosure of Data   

Audit Logs   

Audit logs capture detailed information about every action performed in your Zoho Voice account, including additions, updates, and deletions of records. These logs also track key communication data such as call logs, notes, recordings, voicemails, and messages.

Refer to the Retention Policy section for details on how long these logs are stored.

Note: The Audit log feature in Zoho Voice is currently under development and is not yet available for direct access. However, if required, audit logs can be provided to users upon request.

Retention Policy   

Zoho Voice retains your account data for as long as you actively use the service. Once you terminate your Zoho Voice account, your data will be removed from the active database during the next cleanup cycle, which occurs every 90 days. Additionally, data removed from the active database will be permanently deleted from backup systems after another 90-day period.

Below is a detailed breakdown of our data retention periods:

* Data remains available for 90 days after an organization or account is deleted. When an organization is deleted, all associated data is also deleted but retained for 90 days. If a user is deleted, their data is anonymized and remains accessible until the organization itself is deleted.

** When a user requests a data backup, Zoho Voice provides the data as a downloadable backup file. Deleted data cannot be added back to the user's Zoho Voice account.

For example, deleted call logs cannot be added back to the Logs module in Zoho Voice. It can be given only as a downloadable backup file.

We're constantly upgrading our security measures to help you on your compliance journey. Organizations that are found to be non-compliant, or have breached the regulation, may face a fine of up to €20 million or 4% of the organization's annual turnover, whichever is higher.

Learn more about Zoho's GDPR readiness.