Zoho CRM and GDPR

Does your CRM help you comply with GDPR (General Data Protection Regulation)?

GDPR requires your business processes to go beyond just ensuring data protection. It requires that you are transparent and secure in processing personal data.

Here are the three main areas where Zoho CRM helps once you switch on Compliance Settings, a provision that lets you decide how to handle, manage, and process your customers' personal data so that your organization complies with GDPR.



Data Collection



Keep track of the sources for your customer data, and validate your customer’s interest in your service before you start processing their information.

With multiple sources for customer data (webforms, imports, manual creation, APIs, or third-party integrations), keep track of it all under the customer’s record details. In the case of webforms, additional details like form name and IP address will be captured.

Enable features like the double opt-in mechanism for webforms, so customers who submit their information have to confirm their submission before their data is pushed into Zoho CRM. Double opt-in helps you get quality leads and lets you dedicate time and resources to people who want to hear from you.



Data Processing



Ensure lawful and secure processing of your customer’s personal data. Stay accountable by documenting the processing activities done on a customer’s data.

Identify, categorize, and mark customers based on one of the six lawful bases for data processing: Legitimate Interest, Consent, Performance of a Contract, Legal Obligations, Vital Interest, or Public Interests.

Based on the type of customer and the personal information being processed, you must ask for their consent. Easily obtain consent through a customizable form, which you can email to your customers.

Mark fields that contain personal information and decide if the information is sensitive or not. Based on the preferences under the Compliance Settings, you can restrict information in these fields from being processed during exports, APIs, and connected services.

Zoho CRM uses one of the strongest and most robust ciphers – AES (Advanced Encryption Standard) – to encrypt your sensitive data. In addition to protecting data during transit, Zoho CRM secures data stored on its servers using the AES-256 encryption standard to ensure anonymity of customer information in case of a leak or a breach.

Monitor your team’s activities with audit logs, so you can track who did what and when. For example, all actions done by your users with respect to record deletion and modifications will be audited.



Data Subject Rights



Customers can exercise various rights they are entitled to under GDPR at any time. Keep track of these requests and address them in a timely manner.


Access (Right to Access)
Let your customers access their data through the Customer Portal. Or let them know they can access it by sending them an email, which you can create by inserting the required merge fields in a template.

Rectify (Right to Rectify)
Export customer information with ease, send it to them for rectification, and update it in CRM. If customers have access to the Customer Portal, they can view their information there and update it themselves when necessary.


Export (Right to Data Portability)
Export customer information as a CSV file, which is directly attached to an email, and then sent to the customer. This export ensures that no information is stored on external devices.

Stop Process (Right to Restrict Processing)
When this right is exercised, the customer’s record gets locked automatically to prevent any further processing of the information.

Erase (Right to be Forgotten)
You can easily delete a customer’s information from Zoho CRM when a “Right to be Forgotten” request is made. Once deleted, the record is moved to a blocklist to warn users when the same record is being pushed into the system again.
