Zoho CRM | GDPR | Knowledge Base

GDPR
Who/what is a DPO?
A Data Protection Officer (DPO) assists you to monitor internal compliance, informs and advises you on your data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs), and acts as a contact point between data ...
What will happen to my existing data in Zoho CRM after GDPR takes effect?
After GDPR takes effect on May 25, all existing records in your Zoho CRM account will need to be marked under the appropriate lawful processing basis. You can do this through: The Overview Page List View of the relevant module Individual records
How does Zoho CRM help in your compliance journey?
These are the ways through which Zoho CRM helps you with GDPR compliance. Data source tracking- Zoho CRM records the source of the data (direct sources like web forms and indirect sources like the UI, imports, APIs and other third-party ...
What rights will data subjects have under GDPR in Zoho CRM?
Data subjects will have five out of eight fundamental rights under GDPR in Zoho CRM: The Right To Access- Customers have the right to know exactly what information is held about them and how it is processed. (GDPR Article 15). The Right to ...
What are the different ways through which you can obtain consent from the customer?
You can obtain the customer's consent either through an email (manual email or a consent form attached to an email), through Portals, or orally through phone calls.
What will happen if organizations don't comply with GDPR?
Organizations can be fined upto 4% of their annual global turnover, or 20 million euros (whichever is higher), for the most serious data breaches or infringements, including not having sufficient customer consent to process data or violating the core ...
Is encryption of data mandatory under GDPR?
No, GDPR doesn't mandate the encryption of customers' data. However, Zoho CRM allows you to encrypt fields manually in the Field Properties page.
Can I use the encrypted field in a webform?
Yes, you can use an encrypted field in a webform.
I have turned compliance off. How will this affect the existing data process of my records?
When you go to the compliance settings and turn compliance off, the processing activities that you had previously done with the data subject's data will become ineffective, and the data will be processed without applying any data processing basis.
Can data subjects request that their data be removed or deleted from Zoho CRM?
Data subjects can use the Right To Erasure (or Right to be Forgotten- Article 17), to request that their personal data be deleted or removed from Zoho CRM. As a data controller, you will have to delete the data if the customer ask for it, unless you ...
How can the data controller keep track of the various processing activities that have taken place in Zoho CRM?
The data controller can go to the existing Timeline view and track the updates and changes made to the data processing activities in Zoho CRM.
What happens to the data if a customer doesn't respond to a consent email within a certain time period?
If the customer doesn't respond to a consent email, the data controllers can decide how long they want to wait for a response. Once it exceeds that time period, the status will be Not Responded and the data will not be processed.
How can the data controller classify fields in Zoho CRM?
The data controller has the option to mark the user's fields as personal and sensitive in Zoho CRM. The controller can also decide to restrict these fields from activities like exports, APIs, and other connected services of Zoho CRM (Books, Finance, ...
Can I filter leads and contacts based on their data processing basis?
Yes, you can filter leads and contacts based on their data processing basis.
Can data subjects edit or delete their own data before giving consent to the data controllers?
Yes, data subjects can edit and update their personal data before they give consent, through the Right to Rectify (Article 16) and the Right to Erasure (Article 17).
Who can access the compliance settings in Zoho CRM?
Those having the Administrator profile can access the compliance settings in Zoho CRM.
How often can I review the lawful basis of processing data?
As the data controller, you should periodically review the lawful basis under which you processed customers' data. This is because the lawful basis under which you initially processed personal data and the purpose of data collection can change over ...
Where can I find additional resources on GDPR?
Here are some links for additional reading on GDPR: Find your supervisory authority- http://gdprandyou.ie/resources The EU Data Protection Supervisor- https://edps.europa.eu/ The EU GDPR Website- https://www.eugdpr.org/eugdpr.org.html Rules for ...
What is GDPR, and how will it impact organizations?
The General Data Protection Regulation (or GDPR) is a new regulation developed by the European Union (EU) which involves the protection and free movement of personal data and the rights of individuals, including children. It is a set of rules which ...
Who will GDPR apply to?
GDPR will apply to companies located in the EU, as well as companies who do business with residents of the EU, irrespective of the company's location.
Who are the key stakeholders in GDPR?
Data Subject- Any person whose personal data you collect or process. Data Controller- The person who determines the purpose and methods for processing the data. Joint Controllers- Two or more controllers who jointly determine the purposes and methods ...
What is LIA?
LIA stands for Legitimate Interests Assessment. It specifies the reason an organization wants to process a customer's personal data. The organization must also conduct an LIA to show that the processing is necessary. An LIA is split into three steps: ...
Will GDPR compliance be applicable to all modules in Zoho CRM?
GDPR compliance is applicable only for the people-related modules in the organization. In Zoho CRM, it applies to the Leads, Contacts, Vendors, and custom modules.
What are the lawful bases the data controller can use to process customer data?
The data controller can choose from six data processing bases. These are: 1. Contract- This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request ...
How can GDPR be enabled for existing customers?
You can enable GDPR for existing customers by clicking Setup > Users and Control > Compliance Settings, turning compliance settings on, and selecting those modules for which compliance will be applicable.
My business isn't based in the EU. I don't have customers from the EU either. Do I still need to comply with GDPR?
GDPR is not mandatory if you neither have a business in the EU nor deal with EU residents. However, if you want to ensure better security and privacy of customers' data, it is recommended to have GDPR compliance turned on. You can do this by clicking ...
Can I mark my data as personal?
Yes, you can mark your data as personal. Once you do that, you can additionally choose which fields you want to mark as normal and which fields you want to mark as sensitive.
How many fields can I mark as personal?
You can mark a maximum of 30 fields in each module as personal.
Which field types can be marked as personal?
All fields, with the exception of the lookup, user lookup, formula and auto number fields can be marked as personal.
How can I mark my data as personal?
To mark your data as personal: Go to Setup > Customization > Modules and Fields Hover your mouse pointer over the module that has the data subjects' personal information. Click Manage Personal Fields from the drop-down list. In the Manage Personal ...
Once I've marked my data as personal, how will it affect data processing?
When you mark your data as personal, the data will be restricted from activities like exports, APIs and other connected services of Zoho CRM (Books, Finance, Campaigns etc).
Can the fields in subforms also be marked as personal?
Yes, you can also mark those fields which are supported for processing in subforms as personal.
Is double opt-in mandatory for data processing?
No, double opt-in is not mandatory for data processing. However, a double opt-in is recommended to ensure that the customers are authentic, and genuinely interested in the product. Under double opt-in, customers will receive an additional email to ...
We are based in the US and have and have clients from both the USA and Canada. Will GDPR have any impact on us?
GDPR applies in those scenarios when: Your organization processes personal data of data subjects who are in the EU, irrespective of the company's location. Your organization offers goods/services to data subjects in the EU. Your organization monitors ...
I am using Zoho CRM, Survey and Campaigns. I have created a consent form, but cannot see alerts when a customer has already consented. Will I also receive notifications when the data is pushed into Campaigns from Zoho CRM?
The moment you get consent from your customers through the consent form in Zoho Campaigns, the data processing status changes to Consented. You can view all the contacts who have given consent by clicking on Subscribers > Manage Consent > Expressed. ...
How do I enable double opt-in for my web form?
To enable double opt-in: Go to Setup > Developer Space > Webforms > Create Web Form. Drag and drop the fields that you want in your web form. Click Next Step. In the Form Details page, enter the relevant form details. Select the Enable Double ...
Can I restrict personal data from being accessed outside Zoho CRM?
Yes, you can restrict the data subject's personal data from being accessed outside Zoho CRM. Once you've marked the data as personal and sensitive, you can: Restrict data transfer to Zoho Apps/Integrations. Restrict data access through APIs. Restrict ...
How can I restrict personal data from being shared?
To restrict personal data from being shared: Go to Setup > Users and Control > Compliance Settings. Click on the Preferences tab. Under Personal Data Handling, select where you would like to restrict the data transfer (Zoho Apps, third-party apps, ...
Where can I update the data processing basis?
You can update the data processing basis for customers in the record details page. To do this, click on the Data Privacy tab, select or edit the data processing basis. The third way is through the consent overview dashboard. Go to Setup > Compliance ...
What is waiting period?
It is the amount of time you would like to wait, for a response to your consent email. The organization can set this waiting period. Once this waiting period is exceeded, all processing activities related to the record will be stopped.
Next page

Zoho CRM | GDPR | Knowledge Base

GDPR

Who/what is a DPO?

What will happen to my existing data in Zoho CRM after GDPR takes effect?

How does Zoho CRM help in your compliance journey?

What rights will data subjects have under GDPR in Zoho CRM?

What are the different ways through which you can obtain consent from the customer?

What will happen if organizations don't comply with GDPR?

Is encryption of data mandatory under GDPR?

Can I use the encrypted field in a webform?

I have turned compliance off. How will this affect the existing data process of my records?

Can data subjects request that their data be removed or deleted from Zoho CRM?

How can the data controller keep track of the various processing activities that have taken place in Zoho CRM?

What happens to the data if a customer doesn't respond to a consent email within a certain time period?

How can the data controller classify fields in Zoho CRM?

Can I filter leads and contacts based on their data processing basis?

Can data subjects edit or delete their own data before giving consent to the data controllers?

Who can access the compliance settings in Zoho CRM?

How often can I review the lawful basis of processing data?

Where can I find additional resources on GDPR?

What is GDPR, and how will it impact organizations?

Who will GDPR apply to?

Who are the key stakeholders in GDPR?

What is LIA?

Will GDPR compliance be applicable to all modules in Zoho CRM?

What are the lawful bases the data controller can use to process customer data?

How can GDPR be enabled for existing customers?

My business isn't based in the EU. I don't have customers from the EU either. Do I still need to comply with GDPR?

Can I mark my data as personal?

How many fields can I mark as personal?

Which field types can be marked as personal?

How can I mark my data as personal?

Once I've marked my data as personal, how will it affect data processing?

Can the fields in subforms also be marked as personal?

Is double opt-in mandatory for data processing?

We are based in the US and have and have clients from both the USA and Canada. Will GDPR have any impact on us?

I am using Zoho CRM, Survey and Campaigns. I have created a consent form, but cannot see alerts when a customer has already consented. Will I also receive notifications when the data is pushed into Campaigns from Zoho CRM?

How do I enable double opt-in for my web form?

Can I restrict personal data from being accessed outside Zoho CRM?

How can I restrict personal data from being shared?

Where can I update the data processing basis?

What is waiting period?

Next page