GDPR Compliance in Zoho Analytics
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. This applies to the data of all the residents of the European Union.
At Zoho Analytics, we have always honored our users' right to data privacy and protection. Over the years, we have demonstrated our commitment to data privacy and protection by constantly meeting and exceeding industry standards. Our compliance with ISO 27001:2013 and SOC 2 Type II is an effort towards this. We have no need to collect and process users’ personal information beyond what is required for the functioning of Zoho Analytics, and this will never change. We have a privacy-conscious culture here and GDPR is an opportunity for us to strengthen this even further.
Designed to help you meet the privacy standards set by the EU, Zoho Analytics has multiple GDPR-centric enhancements that provide a streamlined mechanism, from storing data to handling data subject rights. This way you don't have to worry about compliance and focus more on running your business.
This documentation will brief you about the features that Zoho Analytics offers with respect to GDPR compliance, and how to use them:
- Marking Personal Data
- Encryption at Rest
- Enhanced Data Privacy and Security
- Right to Data Portability
- Right to Erase and Forget Data
In case you have any queries regarding our policy, please feel free to write to us at email@example.com.
Zoho Analytics allows you to mark columns as Personally Identifiable Information (PII). This could be any information that could potentially identify an individual, for example. Name, Email, Job role and Company name etc. When a column is marked as PII, additional care will be taken in handling such data. The data will be encrypted and saved in our servers. The below-animated image shows how to mark a column as PII.
Alternatively, you can also click the Edit Design button in the toolbar and change the value of the corresponding Column Name to 'Yes' under the PII column.
Zoho Analytics encrypts your personal information in our servers for enhanced security. We have handled data encryption at various levels.
- Any field marked as PII will be encrypted and stored in our servers.
- Any private information provided for authenticating third-party applications will automatically be identified with due diligence and stored in our databases in an encrypted manner.
Data privacy and data security are two sides of the same coin. Therefore, we have brought in extra measures to secure your data.
- Password protection for files that are exported: You can choose to protect the data that is exported using a password. This way users will not be able to access the information in the exported files without the correct password.
- Password protection for Private links while publishing a report/dashboard/table: You can set passwords while publishing the reports or while sharing them as Private link URLs.
The right to data portability facilitates users in the transfer of personal data from one data controller to another thus avoiding vendor lock-in. It allows individuals to obtain and reuse their personal data anytime. Zoho Analytics allows you to obtain your data at 3 levels.
- Data Backup - Database Backup option will backup the data from tables and SQL queries from query tables and make it available for download. You can download the backed up data anytime as CSV files. Learn more about this feature.
- Exporting Data - This feature allows you to export your data anytime in common file formats such as CSV, Excel, HTML, PDF or image files. You can also password-protected your exported document. Learn more about exporting data.
- Downloading all your Data in One Shot - Zoho Analytics offers a direct one-time download to download all the data stored in our service. Right now we do not have an option for that in our user interface, in case you wish to utilize this service write to us at firstname.lastname@example.org and we will help you with this.
When a user closes their account, data will be deleted from the active database within two days. In case user wishes to delete all the data immediately, they can send a mail to email@example.com from their registered email. We will delete the data.
For any clarifications on GDPR compliance, contact firstname.lastname@example.org.