Marking Personal Fields

Marking Personal Fields

 Cloudtool Technologies Pvt Ltd

GDPR defines personal data as any information relating to an identified or identifiable natural person (i.e. the data subject). There is a wide range of personal data that includes email addresses, location, mobile numbers, identification numbers, etc. In Zoho CRM, fields with such data can be marked as personal fields and can further be categorized as Normal or Sensitive. While GDPR aims to protect all the personal data, there is a special category within that which can be termed as sensitive personal data. One needs to take extra care in handling sensitive data as it might include information concerning health, medical records, financial details, biometric data, religious information or any other data that uniquely identifies the data subject.

In Zoho CRM, under Setup > Security Control > Compliance Settings > Preferences, you would have selected the modules that contain data subject's personal information and which needs to be GDPR compliant. The option to Manage Personal Fields will be available only in those modules under the Data Privacy section. When fields are marked as personal, data from those fields will not be transferred or shared in the following instances: data export, API usage and integrations with other services of Zoho (Books,  Finance, Campaigns, etc.).


Manage Personal Fields

You can mark fields as personal from two places.

  • From the Modules list page.
  • While editing a Layout

To manage personal fields from the Modules page

  1. Click Setup > Customization > Modules and Fields.
  2. Hover you mouse pointer to the module that contains data subjects' personal information.
  3. Click Manage Personal Fields from the list of options.
    This option will be available only in those modules that you had selected under Setup > Security Control > Compliance Settings > Preferences.
  4. In the Personal Fields section, click Mark Personal Field.
  5. In the popup, select a field from the drop-down list.
    Auto-NumberFormulaUser and Lookup type fields cannot be marked as personal and hence, these fields will not be available in the drop-down list.
  6. Select Normal or Sensitive to specify the kind of data that the field holds.
  7. Click Add Field to mark more fields as personal.
    You can mark up to 30 personal fields per module.
  8. Click Done.

To manage personal fields from the Layouts page

  1. Click Setup > Customization > Modules and Fields.
  2. Click on a module that contains data subjects' personal information.
  3. Choose a layout.
  4. In the Layout Editor page, click on the More icon for a field that you want to mark as a personal field.
    Auto-NumberFormulaUser and Lookup type fields cannot be marked as personal.
  5. Click
     
    Edit Properties.
    • In the [Field] Properties popup, select the Contains Personal Data checkbox.
    • Select Normal or Sensitive to specify the type of data.
    • Click Done.
  6. Click Save to save the changes made to the layout.
Note
  • Auto-Number, Formula, User and Lookup type fields cannot be marked as personal.
  • You can mark a field as personal in subforms also.
  • In a subform, while adding aggregate fields, please note that Aggregate and Formula fields cannot be marked as personal. Whereas, under New FieldsNumberCurrency and Decimal can be marked as personal.

  • Associated Items - While using webhooks, functionsemail templates and integrations with Zoho CRM, there is a possibility that your personal fields' data is shared outside CRM. To avoid such cases, you can click on the Information icon to see where the particular field is being used. That will help you decide and take necessary action as required.

View Personal Fields under Data Privacy Section

The Data Privacy section for a record also contains details about the personal fields. It lists the number of fields that are marked as Sensitive and the ones as Normal.

To view personal fields

  1. Click open the data subjects record in your CRM account.
    The record could be in the Leads, Contacts, Vendors or any other custom module for which GDPR Compliance is enabled.
  2. Click Data Privacy.
    Under the Personal Data section, the number of Sensitive and Normal fields details are available.
  3. Hover your cursor on the number to view the fields with the values for the selected record.

Personal Data Handling

You may have marked some personal data as normal and others as sensitive. Zoho CRM gives you the option to decide which type of personal data you want to restrict from being accessed through APIs or other applications that are integrated with Zoho CRM. The following options are available to protect data subject's personal data being shared across other sub processors.

Restrict Data Transfer to Zoho Apps and Third-Party Apps

To run your business, you may use multiple tools from email service providers, customer relationship management systems to collaboration platforms. Many a times, these applications are tightly integrated and your customers' data is shared among these platforms. It is essential that these third-party processors you use are also directly and legally obligated to be in compliance with GDPR. To protect your customers' data, Zoho CRM has the option to restrict sharing of personal data to Zoho apps and third party applications integrated with your CRM account.

The following table will give you the details of the various integrations and the implications when personal data is restricted. There are certain fields that are mandatory for an integration. For example, for the Zoho Project integration, Email is a mandatory field. If you mark email as a personal field, the data will not be sent from CRM to Projects. You can find more such details in the tables below.

*Please note that First and Last Name cannot be marked as personal fields.

Integrations with Zoho Apps

Integrations with Zoho Apps
Fields mandatory for the integration
What happens when personal data is restricted?
Zoho Desk
Last Name and Email
Data will not be pushed from Zoho CRM.
Zoho Projects
Email
Client user will not be added through project creation or association.
Zoho Finance Suite
Last Name and Email
Data will not be pushed from Zoho CRM.
Zoho Campaigns
Email
Data will not be pushed from Zoho CRM.
Zoho Recruit
Email
Data will not be pushed from Zoho CRM.
Zoho Cliq
NA
Details other than those from the personal fields will be shared via Zoho Cliq.
Zoho Analytics
NA
If one of the previously synced field is restricted, then reports based on those fields will be deleted.
Zoho Writer
NA
NA
Zoho Motivator
NA
NA
Zoho Creator
NA
NA
Zoho Mail
NA
NA
Zoho Calendar
NA
NA
Zoho Social
NA
NA
Zoho Sales IQ
NA
NA
Zoho Survey
NA
NA

Integrations with Third-party Apps

Integrations with Other Apps
Fields mandatory for the integration
What happens when personal data is restricted?
Microsoft Office 365
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Microsoft Outlook 
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Google Contacts
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Slack
NA
Details other than those from the personal fields will be shared via Slack.
Android or iOS Speech Recognizer (Zia Voice)
NA
Only call to Zia action will be disabled, the chat with Zia option will work as usual.

To restrict data transfer to Zoho applications

  1. Click Setup > Security Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data Transfer to Zoho Apps to enable it.
  3. Review the implications and click Restrict Personal Data to proceed.
  4. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
  5. Click Save.

To restrict data transfer to third-party applications

  1. Click Setup > Security Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data Transfer to Third-party Apps to enable it.
  3. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
  4. Select the integrations from the Apps drop-down list for which you want to restrict data transfer.
  5. Click Save.

Restrict Data access through API

Using API, other applications can connect to your CRM account and data can be transferred. When data is transferred via API, you need to ensure that the personal data of your customers are not shared without a purpose. For data security, Zoho CRM has the option to restrict the sharing of personal data through API.

When data is restricted, you can not share the data outside the system via APIs.

To restrict data access through API

  1. Click Setup > Security Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data access through API to enable it.
  3. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be accessed through APIs.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be accessed through APIs.
  4. Click Save.

Restrict Data in Export

There may be instances when you have the requirement to export data and for security reasons, you would not want the personal data to be exported. For such cases, you can restrict the personal data (normal and sensitive) from being exported. This includes exporting reports and updating data using Zoho Sheet view. Please note the following when you restrict personal data for the export action.

  • In the Zoho Sheet view, personal fields will not be available.
  • When you export a report, all the fields' data will be exported except the ones in personal fields. The same is the case for scheduled reports.
  • Matrix reports require fields for rows and columns. If any one of the field is a personal field (which cannot be exported) then the matrix report will not give accurate data. Hence, matrix reports with personal fields can be created but will not be exported. Same is the case for matrix scheduled reports.
  • When will a report not get exported:
    • If a personal field is used for the Columns to Total option.
    • In a Summary report, if personal fields are used in grouping columns.
    • In a Matrix report, if personal fields are used to Subtotal By column or row.

To restrict data in export

  1. Click Setup > Security control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data in Export to enable it.
  3. Review the implications and click Restrict Personal data to proceed.
  4. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields cannot be accessed in the exported data.
    • Normal and Sensitive data - Values from both the normal sand sensitive personal fields cannot be accessed in the exported data.
  5. Click Save.


    • Related Articles

    • Working with Custom Fields

      Cloudtool Technologies Pvt Ltd In Zoho CRM, you can add new fields as per your requirements. These fields will be available to all the users added to your organization's CRM account. Customize Zoho Defined Fields: You can edit, delete and hide some ...
    • Types of Custom Fields

      Cloudtool Technologies Pvt Ltd In Zoho CRM, you can add different types of custom fields as per your requirements. These fields will be available to all the users added to your organization's CRM account. Customize Zoho Defined Fields : You can edit, ...
    • Building Formula Fields

      Cloudtool Technologies Pvt Ltd The Zoho CRM formula fields enable you to define fields that can populate dynamically calculated data based on the values returned from other standard or custom fields. For instance, an insurance company may need to ...
    • Creating Formula Fields

      Cloudtool Technologies Pvt Ltd Formula fields are used to calculate different types of values, including numeric values, text values, date values, etc. Formula fields and their resulting return value have certain data types associated with them and ...
    • Modifying Special Fields

      Cloudtool Technologies Pvt Ltd Some fields in Zoho CRM are not common to all modules, they are available and applicable only for particular modules depending on the purpose they serve. These fields are termed as special fields. The list of special ...