Why should your organization have a GDPR compliant CRM solution?
GDPR strengthens the rights of EU citizens with respect to their personal data. A record of customer opt-ins, consents provided, and all processing activities has to be maintained as well. Since all customer information is collected and processed through CRM software, it is vital that your organization and your CRM are compliant with GDPR.
How does Zoho CRM help you become compliant?
At Zoho, we've always maintained a high standard when it comes to our users' rights to data privacy and protection. Over the years, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SOC 2 Type 2. Zoho Corporation participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, with respect to transfer of data to the U.S.
Designed to help you meet the privacy standards set by the EU, Zoho CRM has multiple GDPR-centric enhancements that provide a streamlined mechanism, from data collection, to processing activities, to handling data subject rights.
Customise this form to get customer consent needed for your business processes.
Double Opt-in Mechanism
Authenticate your customer's sign up by sending a double opt-in email.
Data Source Tracking
The source of a customer's data is always maintained in the customer's record, for accountability.
Marking Personal Fields
Mark fields containing personal information and set a sensitivity level, to have more control over how these data are processed.
Encryption At Rest
Personal fields can be encrypted when they're being stored in Zoho's database, for added security.
Keep a list of customer consents within a customer's record.
Privacy Preferences
Users have refined control over the processing of Personal Data with third-party applications and APIs.
Data Subject rights
With the coming GDPR enhancements, users can keep track of all data requests from customers and ensure the requests are fulfilled immediately.
Using Zoho CRM's email feature, a template consisting of the required customer information merge fields can be created and sent to your customer on request.
Customer-specific information can be exported and sent to the customer to ensure that it is accurate.
Customer-specific information can be exported, attached to an email, and sent to a customer in a machine-readable format, all without having to download it on your device.
Once a customer exercises this right, the corresponding record will be locked, preventing further processing.
Once exercised, the customer's record will be locked for the duration of the retention period, defined in the data controller's terms of service. After this point, the controller has the option to delete customer information.
GDPR goes into effect across the EU on 25 May 2018. Organizations that are found to be non-compliant, or have breached the regulation, may face a fine of up to 20 million euros or 4% of the organisation's annual turnover.
Let's work together to reach GDPR compliance.
Disclaimer: The content presented herein is not to be construed as legal advice. Please contact your legal advisor to know how GDPR impacts your organisation and what you need to do to comply with the GDPR.