Marking Personal Fields
GDPR defines personal data as any information relating to an identified or identifiable natural person (i.e. the data subject). There is a wide range of personal data that includes email addresses, location, mobile numbers, identification numbers, etc. In Zoho CRM, fields with such data can be marked as personal fields and can further be categorized as Normal or Sensitive. While GDPR aims to protect all the personal data, there is a special category within that which can be termed as sensitive personal data. One needs to take extra care in handling sensitive data as it might include information concerning health, medical records, financial details, biometric data, religious information or any other data that uniquely identifies the data subject.
In Zoho CRM, under Setup > Security Control > Compliance Settings > Preferences, you would have selected the modules that contain data subject's personal information and which needs to be GDPR compliant. The option to Manage Personal Fields will be available only in those modules under the Data Privacy section. When fields are marked as personal, data from those fields will not be transferred or shared in the following instances: data export, API usage and integrations with other services of Zoho (Books, Finance, Campaigns, etc.).
Manage Personal Fields
You can mark fields as personal from two places.
- From the Modules list page.
- While editing a Layout
To manage personal fields from the Modules page
- Click Setup > Customization > Modules and Fields.
- Hover you mouse pointer to the module that contains data subjects' personal information.
- Click Manage Personal Fields from the list of options.
This option will be available only in those modules that you had selected under Setup > Security Control > Compliance Settings > Preferences.
- In the Personal Fields section, click Mark Personal Field.
- In the popup, select a field from the drop-down list.
Auto-Number, Formula, User and Lookup type fields cannot be marked as personal and hence, these fields will not be available in the drop-down list. - Select Normal or Sensitive to specify the kind of data that the field holds.
- Click Add Field to mark more fields as personal.
You can mark up to 30 personal fields per module. - Click Done.
To manage personal fields from the Layouts page
- Click Setup > Customization > Modules and Fields.
- Click on a module that contains data subjects' personal information.
- Choose a layout.
- In the Layout Editor page, click on the More icon for a field that you want to mark as a personal field.
Auto-Number, Formula, User and Lookup type fields cannot be marked as personal. -
Click
Edit Properties.
- In the [Field] Properties popup, select the Contains Personal Data checkbox.
- Select Normal or Sensitive to specify the type of data.
- Click Done.
- In the [Field] Properties popup, select the Contains Personal Data checkbox.
- Click Save to save the changes made to the layout.
- Auto-Number, Formula, User and Lookup type fields cannot be marked as personal.
- You can mark a field as personal in subforms also.
- In a subform, while adding aggregate fields, please note that Aggregate and Formula fields cannot be marked as personal. Whereas, under New Fields, Number, Currency and Decimal can be marked as personal.
- Associated Items - While using webhooks, functions, email templates and integrations with Zoho CRM, there is a possibility that your personal fields' data is shared outside CRM. To avoid such cases, you can click on the Information icon to see where the particular field is being used. That will help you decide and take necessary action as required.
View Personal Fields under Data Privacy Section
The Data Privacy section for a record also contains details about the personal fields. It lists the number of fields that are marked as Sensitive and the ones as Normal.
To view personal fields
- Click open the data subjects record in your CRM account.
The record could be in the Leads, Contacts, Vendors or any other custom module for which GDPR Compliance is enabled. - Click Data Privacy.
Under the Personal Data section, the number of Sensitive and Normal fields details are available. - Hover your cursor on the number to view the fields with the values for the selected record.
Personal Data Handling
You may have marked some personal data as normal and others as sensitive. Zoho CRM gives you the option to decide which type of personal data you want to restrict from being accessed through APIs or other applications that are integrated with Zoho CRM. The following options are available to protect data subject's personal data being shared across other sub processors.
Restrict Data Transfer to Zoho Apps and Third-Party Apps
To run your business, you may use multiple tools from email service providers, customer relationship management systems to collaboration platforms. Many a times, these applications are tightly integrated and your customers' data is shared among these platforms. It is essential that these third-party processors you use are also directly and legally obligated to be in compliance with GDPR. To protect your customers' data, Zoho CRM has the option to restrict sharing of personal data to Zoho apps and third party applications integrated with your CRM account.
The following table will give you the details of the various integrations and the implications when personal data is restricted. There are certain fields that are mandatory for an integration. For example, for the Zoho Project integration, Email is a mandatory field. If you mark email as a personal field, the data will not be sent from CRM to Projects. You can find more such details in the tables below.
*Please note that First and Last Name cannot be marked as personal fields.
Integrations with Zoho Apps
| Integrations with Zoho Apps |
Fields mandatory for the integration |
What happens when personal data is restricted? |
| Zoho Desk |
Last Name and Email |
Data will not be pushed from Zoho CRM. |
| Zoho Projects |
Email |
Client user will not be added through project creation or association. |
| Zoho Finance Suite |
Last Name and Email |
Data will not be pushed from Zoho CRM. |
| Zoho Campaigns |
Email |
Data will not be pushed from Zoho CRM. |
| Zoho Recruit |
Email |
Data will not be pushed from Zoho CRM. |
| Zoho Cliq |
NA |
Details other than those from the personal fields will be shared via Zoho Cliq. |
| Zoho Analytics |
NA |
If one of the previously synced field is restricted, then reports based on those fields will be deleted. |
| Zoho Writer |
NA |
NA |
| Zoho Motivator |
NA |
NA |
| Zoho Creator |
NA |
NA |
| Zoho Mail |
NA |
NA |
| Zoho Calendar |
NA |
NA |
| Zoho Social |
NA |
NA |
| Zoho Sales IQ |
NA |
NA |
| Zoho Survey |
NA |
NA |
Integrations with Third-party Apps
| Integrations with Other Apps |
Fields mandatory for the integration |
What happens when personal data is restricted? |
| Microsoft Office 365 |
First Name |
As First Name cannot be marked as a personal field, the integration will work as usual. |
| Microsoft Outlook |
First Name |
As First Name cannot be marked as a personal field, the integration will work as usual. |
| Google Contacts |
First Name |
As First Name cannot be marked as a personal field, the integration will work as usual. |
| Slack |
NA |
Details other than those from the personal fields will be shared via Slack. |
| Android or iOS Speech Recognizer (Zia Voice) |
NA |
Only call to Zia action will be disabled, the chat with Zia option will work as usual. |
To restrict data transfer to Zoho applications
- Click Setup > Security Control > Compliance Settings > Preferences.
- In the Personal Data Handling section, toggle on Restrict Data Transfer to Zoho Apps to enable it.
- Review the implications and click Restrict Personal Data to proceed.
- Select one of the following from the Data Type drop-down:
- Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
- Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
- Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
- Click Save.
To restrict data transfer to third-party applications
- Click Setup > Security Control > Compliance Settings > Preferences.
- In the Personal Data Handling section, toggle on Restrict Data Transfer to Third-party Apps to enable it.
- Select one of the following from the Data Type drop-down:
- Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
- Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
- Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
- Select the integrations from the Apps drop-down list for which you want to restrict data transfer.
- Click Save.
Restrict Data access through API
Using API, other applications can connect to your CRM account and data can be transferred. When data is transferred via API, you need to ensure that the personal data of your customers are not shared without a purpose. For data security, Zoho CRM has the option to restrict the sharing of personal data through API.
When data is restricted, you can not share the data outside the system via APIs.
To restrict data access through API
- Click Setup > Security Control > Compliance Settings > Preferences.
- In the Personal Data Handling section, toggle on Restrict Data access through API to enable it.
- Select one of the following from the Data Type drop-down:
- Only Sensitive data - Values from all the sensitive personal fields will not be accessed through APIs.
- Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be accessed through APIs.
- Only Sensitive data - Values from all the sensitive personal fields will not be accessed through APIs.
- Click Save.
Restrict Data in Export
There may be instances when you have the requirement to export data and for security reasons, you would not want the personal data to be exported. For such cases, you can restrict the personal data (normal and sensitive) from being exported. This includes exporting reports and updating data using Zoho Sheet view. Please note the following when you restrict personal data for the export action.
- In the Zoho Sheet view, personal fields will not be available.
- When you export a report, all the fields' data will be exported except the ones in personal fields. The same is the case for scheduled reports.
- Matrix reports require fields for rows and columns. If any one of the field is a personal field (which cannot be exported) then the matrix report will not give accurate data. Hence, matrix reports with personal fields can be created but will not be exported. Same is the case for matrix scheduled reports.
- When will a report not get exported:
- If a personal field is used for the Columns to Total option.
- In a Summary report, if personal fields are used in grouping columns.
- In a Matrix report, if personal fields are used to Subtotal By column or row.
- If a personal field is used for the Columns to Total option.
To restrict data in export
- Click Setup > Security control > Compliance Settings > Preferences.
- In the Personal Data Handling section, toggle on Restrict Data in Export to enable it.
- Review the implications and click Restrict Personal data to proceed.
- Select one of the following from the Data Type drop-down:
- Only Sensitive data - Values from all the sensitive personal fields cannot be accessed in the exported data.
- Normal and Sensitive data - Values from both the normal sand sensitive personal fields cannot be accessed in the exported data.
- Only Sensitive data - Values from all the sensitive personal fields cannot be accessed in the exported data.
- Click Save.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
Zoho Sheet Resources
Zoho Forms Resources
Zoho Sign Resources
Sign, Paperless!
Zoho TeamInbox Resources
Zoho DataPrep Resources
Design. Discuss. Deliver.
Related Articles
GDPR and Zoho CRM - An Introduction
On this page, we'll be taking a look at what the new rules in GDPR are and how Zoho CRM can help you comply with them. We'll also help you understand how to protect your customers’ data. General Data Protection Regulation (GDPR) is a new set of rules ...Types of Custom Fields
In Zoho CRM, you can add different types of custom fields as per your requirements. These fields will be available to all the users added to your organization's CRM account. Customize Zoho Defined Fields : You can edit, delete and hide some of Zoho ...Working with Custom Fields
In Zoho CRM, you can add new fields as per your requirements. These fields will be available to all the users added to your organization's CRM account. Customize Zoho Defined Fields: You can edit, delete and hide some of Zoho defined fields, but note ...Data Privacy
A record's details are available in two sections - Info and Timeline. When you switch on GDPR Compliance in your Zoho CRM account, you will be able to view another section, namely Data Privacy. This section has the following details: Data Source ...Data Subject Rights
The GDPR explicitly states certain rights for the data subjects in Articles 12 to 23. We need to understand and fullfil them when individuals seek to exercise those rights. Right of access: The subject's right to obtain from the controller, the ...