Consent Management

Consent Management

Zoho CRM's consent management settings helps you get consent from your prospects and customers. We provide a system where you can customize the consent form, include it in your email templates, set consent related preferences, and most importantly, get assistance in keeping track of consent details.

Consent can be applied to records in the Contacts, Leads, Vendors, and custom modules. Upon enabling GDPR Compliance Settings in Zoho CRM, you can start marking lawful basis for data processing and get the essential consent as the case may be.

You will begin by marking the records whose data needs to be processed after obtaining consent. Next, customize the consent form and include its link in the email template. This email template can be used to send email to the data subjects that you require consent from. Later, the consent status can be tracked for individual records and records in bulk. 

  • Inform the data subjects on the purpose of consent and data processing.
  • If you deviate from the original purpose of data processing for which you received consent, then you will need to get consent from the data subjects again.
  • Make sure to keep your consent requests separate from any other terms and conditions.
  • Do not use pre-ticked checkboxes or any other options selected by default in your consent forms. Consent should be a deliberate action by the data subjects to opt in.
  • The consent request or form should contain details about who is collecting the consent (data controller), where the data is processed (data processor), and where the data is being shared.
  • Maintain a proper record of the consent collected. This is important in order to demonstrate that the data subject has given proper consent to process data.
  • Avoid usage of technical terms and legal jargons while getting consent. Keep your message clear and simple.
  • Make a point of refreshing consent at regular intervals.

There are a few ways that you can get consent from the data subjects.

  • Consent form - The consent form available in Zoho CRM can be customized with various fields that ask for communication preferences, consent statements by the data subjects, etc. The link to this form can be used in email templates and sent to get consent.
    You can send individual emails from a record, or mass email to a list of records.
  • Update manually - When you get consent during a call or in person, you can update it manually in the Data Privacy section of a record.
  • Via portal - Data subjects who have access to the Zoho CRM portal, can update their consent from the portal.

There are three stages that you can track in Zoho CRM with respect to consent as the lawful basis for processing data. Please note that primary email field is used to update the consent status in all the similar records that have the same email address as the primary one in your Zoho CRM account. For example, you get consent from a lead, and when you convert the lead, the created contact will be updated with the consent status.

  • Pending - When the request for consent is not sent to the data subjects.
  • Waiting - When the consent form has been sent and you are waiting for a reply.
  • Obtained - When you have received consent from the data subject.
  • Not Responded - When you have not received consent from the data subject within the waiting period defined in the Consent Settings.

From Setup > Users and Control > Compliance Settings > Overview, you can view the records that fall under each consent status - PendingWaiting, and Obtained. You can click on a status to view the records and perform the necessary actions such as sending consent email to the selected records, updating the data processing basis, etc.

Consent Settings helps you define two things:

  • A waiting period to get consent: You a define a time within which you need to get a reply from the data subjects regarding the consent request. This could be in days or months. When you do not get consent within the specified time, the consent status is marked as Not Responded and is automatically locked. Data from these records will not be processed.
  • Restrict actions for the records: During this waiting period, when the controller is waiting for a response from the data subjects you can decide what needs to be done with the records. The options include - processing data as usual, stopping data processing, restricting certain actions for the records such as, emailing, calling, editing, etc.

To define consent settings

  1. Click Setup > Users and Control > Compliance Settings > Preferences.
  2. Under  Consent Settings section, do the following:
    • Waiting Period - Select the period in Days or Months.
      After this waiting period is over, the consent status is updated as Not Responded.
    • Manage Actions in a record when the consent is unavailable - Select one of the following:
      • Process data as usual - You can continue to work with the records as usual.
      • Stop processing data - The records will be locked and data form the record will not be processed.
      • Restrain certain actions - Select the actions that needs to be restricted when the consent is yet to be received.
  3. Click Save.

The consent form can be customized and it allows controllers to state the explicit details for which they are obtaining consent. The following can be added in the form: 

  • The purpose of data collection.
  • Preferred communication channel.

To set up the consent form

  1. Click Setup > Users and Control > Compliance Settings.
  2. In the Compliance Settings page, click the Consent Form sub tab.
  3. Select the Language that you want your data subjects to view the form in.
  4. Under the  Consent Portal, do the following to customize the form:
    • Add relevant text to state the purpose of using their personal data and why you are getting consent.
    • For the Communication Preferences, specify a short description. For example: Allow us to contact you through:
    • Click the Show/Hide links for the corresponding options (Email, Phone, Survey) to make them visible/hidden in the form.
      Based on the selection, the option to send emails, make calls or send surveys will be disabled for the corresponding records.
    • For Consent Statement, add a message that asks the data subjects to provide remarks, if any.
    • Add your Privacy Statement in the text box.
    • Specify any additional text before the Submit button in the form.
  5. Click Preview to check the form, then click Save.
Note
  • When consent is collected and the data subject agrees to receive communication only via emails and not through calls, it is automatically restricted in Zoho CRM. The call icon next to the phone number will be disabled. Similarly, Say if Dan, your customer, wishes to be contacted only through calls, then the Send Email button will be disabled. Emails will not be send through any channel such as sending email from list views, using mass email option, workflows, etc.
  • Likewise, if Dan prefers not to be contacted through surveys, the Insert Survey link in the email composer will be disabled. Also, the Send Survey option under the Related list will not be available. From the list view, when you send an email using a template that has a survey link, the email will not be sent Don. The alert message will list out the reasons for not sending emails.
  • Portal users can update the consent details from their Zoho CRM Portal. The portal user can also update the consent details of the Leads/Contacts that they add. See Also Data Privacy for Portal Users

To make sure that the data collected is only used for the purpose stated by the controller and to ensure privacy and security of the data collected, Zoho CRM has provided multiple options. There are two ways these consents can be collected:

  • You can send an email asking data subjects to fill in the consent form and mention their preferences.
  • You can obtain the consent via a call or any other means and update it in your CRM account.

The consent form's link can be added:

  • in an email template and used to send emails.
  • while composing an email that is being sent to an individual.

To add the consent link in an email template

  1. Go to Setup > Customization > Templates > Email.
  2. Click + New Template.
    You can also add the link to your existing email templates.
  3. Select the module that the email template has to be created for from the drop-down list and click Next.
  4. Choose the Blank template or one of the existing templates from the gallery and customize it.
  5. Drag and drop all the required components from the All Components section onto the template and customize it as needed.
  6. Select an appropriate line of text and click the  Create Link icon from the editor.

    • In the Add Link popup, select Consent form link.
    • Select the Consent form language form the drop-down list.
    • Click Save.
  7. Customize the template and Save it to the appropriate folder. See Also Email Templates

To add the consent link in an email

  1. Select a record to send the consent form's link.
  2. In the Record's Details page, click Send Email.
  3. Draft your email in the email composer window.
  4. Select a word or phrase that should have the link to the form.
  5. Click the Link icon and then select the Consent Form icon.
  6. In the pop-up, select the Consent Form Language from the drop-down list and click Save.
  7. Click Send.

To update the consent details manually

  1. Click open the data subjects record in your CRM account.
    The record could be in the Leads, Contacts, Vendors or any other custom module for which GDPR Compliance is enabled.
  2. Click Data Privacy.
  3. Under Consent Detailsmark the Data Processing Basis as Applicable and select Consent from the drop-down list.
  4. Under the Pending status, click the Update consent details link.
  5. In the  Update Consent Details popup, do the following:
    • Select Email or Call, to maintain a record of how you received the consent.
    • In the Consent Date field, specify the date when you got the consent.

    • Add Consent Remarks, if any.
    • Select from the list of Communication Preferences mentioned by the data subject.
    • Click Save.

To view the status of the consent request

  1. Click Setup > Users and Control > Compliance Settings > Overview.
    Under Data Processing Basis, the various consent statuses are listed.
  2. Select a module from the drop-down list for which you want to check the status of the consent.
  3. Click on a status to view the records that fall under that category.
    For records under pending status, you can select the records and send consent form or update the data processing basis.

Before implementing consent management for your business, you need to understand the three categories of data subjects here.

  • Customer from whom you do not need to get consent.
  • Existing customers from whom you need to get consent.
  • New customers from whom you need to get consent.

I. Customer from whom you do not need to get consent.

As per your discretion and business cases, data subjects whose personal data will be processed under lawful bases other than consent needs to be filtered out first. Here is how:

  1. Create a list view that filters out these records. See Also Managing List Views
  2. Select record in the list view.
  3. Click the More icon, and then click Update Data Processing Basis.
  4. Apply the data processing basis as Not Required, or any one of the bases other than Consent.

II. Existing customers from whom you need to get consent.

For your existing customers or other data subjects in your CRM account, you can get consent by using the consent form in Zoho CRM.

  1. Customize the consent form.
  2. Create an email template with the consent form link.
  3. Create a list view that filters out the new record that you want to send the consent email to. See Also Managing List Views
  4. Select the records from the list view and use the Send email option.
  5. Choose the template with the consent form's link and send it to the selected data subjects.

III. New customers that you need to get consent from.

For new customers or other data subjects you can be prepared by creating an email template containing the consent form's link.

  1. Customize the consent form.
  2. Create an email template with the consent form link.
  3. Use the email template to send emails from list view, and workflow rules.
    • Related Articles

    • What are the lawful bases the data controller can use to process customer data?

      The data controller can choose from six data processing bases. These are: 1. Contract- This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request ...
    • Inventory Management

      Zoho CRM extends beyond the traditional sales related functions and supports complete sales cycle management by integrating Inventory Management features. This allows businesses to manage their pre-sales and post-sales accounting activities in a ...
    • Including Opt-in Checkbox in Web Forms for Consent

      You may already have some Zoho CRM web forms in use that are published in your website. You need to follow the steps given below to add a consent checkbox to those web form. The same steps can also be followed to include consent checkbox in a new ...
    • Territory Management - An Overview

      What is a Territory? A territory is the demarcation of the sales force structure by which customers accounts are grouped and shared with the sales people of an organization. Territories can be based on various factors such as geography, industry, ...
    • What are the different ways through which you can obtain consent from the customer?

      You can obtain the customer's consent either through an email (manual email or a consent form attached to an email), through Portals, or orally through phone calls.