Stay GDPR compliant with Zoho CRM

Mere protection of a customer's personal data is not enough. GDPR requires that you are transparent and secure in handling their personal data. Make your data collection and data processing comply with GDPR using Zoho CRM.


Here's how we can help you

  • Track data sources and ensure double opt-in
  • Obtain and manage consent
  • Encrypt and secure personal data
  • Address data subject requests easily
  • Control the information shared with other applications

Data Collection

Keep track of the sources for your customer data, and validate your customer's interest in your service before you start processing their information.

Data Source Tracking

With multiple sources for customer data (webforms, imports, manual creation, APIs, or third-party integrations), keep track of it all under the customer's record details. In the case of webforms, additional details like form name and IP address will be captured.

Double Opt-in

Data Processing

Ensure lawful and secure processing of your customer's personal data. Stay accountable by documenting the processing activities done on a customer's data.

Data Processing Basis

Identify, categorize, and mark customers based on one of the six lawful bases for data processing: Legitimate Interest, Consent, Performance of a Contract, Legal Obligations, Vital Interest, or Public Interests.

Consent Form

Based on the type of customer and the personal information being processed, you must ask for their consent. Easily obtain consent through a customizable form, which you can email to your customers.

Marking Personal Fields

Mark fields that contain personal information and decide if the information is sensitive or not. Based on the preferences under the Compliance Settings, you can restrict information in these fields from being processed during exports, APIs, and connected services.

Encryption At Rest (EAR)

Zoho CRM uses one of the strongest and most robust ciphers, AES (Advanced Encryption Standard), to encrypt your sensitive data. In addition to protecting data during transit, Zoho CRM secures data stored in servers using the AES-256 encryption standard to ensure anonymity of customer information in case of a leak or a breach.

Audit Log

Monitor your team's activities with audit logs, so you can track who did what and when. For example, all actions done by your users with respect to record deletion and modifications will be audited.

Data Subject Rights

Customers can exercise various rights they are entitled to under GDPR at any time. Keep track of these requests and address them in a timely manner.

Access (Right to Access)

Let your customers access their data through the Customer Portal. Or let them know they can access it by sending them an email, which you can create by inserting the required merge fields in a template.

Rectify (Right to Rectify)

Export customer information with ease, send to them for rectification, and update it in CRM. If customers have access to the Customer Portal, they can view their information there and update it themselves, when necessary.

Export (Right to Data Portability)

Export customer information as a CSV file, which is directly attached to an email, and then sent to the customer. This export ensures that no information is stored on external devices.

Stop Process (Right to Restrict Processing)

When this right is exercised, the customer's record gets locked automatically to prevent any further processing of the information.

Erase (Right to be Forgotten)

You can easily delete a customer's information from Zoho CRM when a "Right to be Forgotten" is requested. Once deleted, the record will be moved to a blocklist to warn users when the same record is being pushed into the system again.

FAQs

1. What is GDPR, and how will it impact organizations?
The General Data Protection Regulation (or GDPR) is a new regulation developed by the European Union (EU) which involves the protection and free movement of personal data and the rights of individuals, including children. It is a set of rules which will replace the existing Data Protection Directive (Directive 95/46/EC), and will be enforced across the EU. GDPR will empower EU residents by putting them directly in control of how they want their data to be processed, and will protect their data privacy.
2. Who will GDPR apply to?
GDPR will apply to companies located in the EU, as well as companies who do business with residents of the EU, irrespective of the company's location.
3. What kind of data does GDPR apply to?
GDPR applies exclusively to personal data. Personal data is defined as, "any information that relates to an identified or identifiable person, or a data subject." This includes the data subject's (customer's) name, email address, location, and other online identifiers, such as IP address, social media profile, and types of website cookies.
4. Will GDPR compliance be applicable to all modules in Zoho CRM?
GDPR compliance is applicable only for the people-related modules in the organization. In Zoho CRM, GDPR applies to the Leads, Contacts, Vendors, and custom modules.
5. Who are the key stakeholders in GDPR?
  • Data Subject: Any person whose personal data you collect or process.
  • Data Controller: The person who determines the purpose and methods for processing the data.
  • Joint Controllers: Two or more controllers who jointly determine the purposes and methods of processing data.
  • Data Processor: The person or company who processes data on behalf of the controller.
  • Data Sub-Processor: A third-party individual or business which performs data processing for other companies, and is accountable for the processing of data.
  • Supervisory Authorities: Public authorities who monitor the application of GDPR.
6. What are the lawful bases the data controller can use to process customer data?
The data controller can choose from six data processing bases. These are:
  1. Contract: This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request (e.g. sending a quote or invoice).
  2. Legal Obligation: This applies when you have to comply with an obligation under any applicable law (e.g. providing information in response to valid requests, such as an investigation by an authority).
  3. Vital Interests: This applies to urgent matters of life and death, especially with regard to health data.
  4. Public Task: This applies to activities of public authorities.
  5. Legitimate Interests: Legitimate interests can include commercial interests, such as direct marketing, individual interests, or broader societal benefits. The controller must document and keep a record of decisions on legitimate interests in the form of a Legitimate Interests Assessment.
  6. Consent: Consent is also a lawful basis to process data. Consent of the data subject means "any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
7. What is LIA?
LIA stands for Legitimate Interests Assessment. It specifies the reason an organization wants to process a customer's personal data. The organization must also conduct an LIA to show that the processing is necessary.
  • The assessment of whether a legitimate interest exists.
  • The establishment of the necessity for processing.
  • The performance of the balancing test.
8. Who/what is a DPO?
A Data Protection Officer (DPO) helps you monitor internal compliance, informs and advises you on your data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs), and acts as a contact point between data subjects and the supervisory authority.
A DPO also serves as the point of contact between the company and any Supervisory Authorities (SAs) who oversee activities related to data processing. It is recommended that every organization have a DPO.
9. How can GDPR be enabled for existing customers?
You can enable GDPR for existing customers by clicking Setup > Users and Control > Compliance Settings, turning compliance settings on, and selecting the modules for which compliance will be applicable.
10. What will happen to my existing data in Zoho CRM after GDPR takes effect?
After GDPR takes effect on May 25, all existing records in your Zoho CRM account will need to be marked under the appropriate lawful processing basis. You can do this through:
  • The Overview page
  • List View of the relevant module
  • Individual records
11. How does Zoho CRM help in your GDPR compliance journey?
These are the ways through which Zoho CRM helps you with GDPR compliance.

Data source tracking: Zoho CRM records the source of the data (direct sources like web forms and indirect sources like the UI, imports, APIs and other third-party integrations), and additional details, if any (e.g. URL, IP address), in the record's Details page. These details are shared with the customer, on request.

Marking personal fields: Users have the option to mark those fields containing personal data and also mark the sensitive fields.

Data subject rights: Your customers also have the right to ask to access, rectify, delete, export and restrict their data from being processed. As the data controller, you need to perform those actions.
12. What rights will data subjects have under GDPR in Zoho CRM?
Data subjects will have five out of eight fundamental rights under GDPR in Zoho CRM:
  • The Right to Access: Customers have the right to know exactly what information is held about them and how it is processed. (Article 15)
  • The Right to Rectify: Individuals/customers have the right to get their personal data rectified, in case it is inaccurate or incomplete. (Article 16)
  • The Right to Portability: Customer-specific information can be exported, attached to an email, and sent to customers in a machine-readable format (CSV), without being downloaded onto your device. (Article 20)
  • The Right to Restrict Processing: Individuals have the right to limit the purposes for which the controller can process their data. (Article 18)
  • The Right to Erasure: Also known as "The Right to be Forgotten," individuals have the right to have their personal data deleted or removed whenever they want. (Article 17)
13. What are the different ways through which you can obtain consent from the customer?
You can obtain consent from the customer either through email (inline email or a consent form attached to the email), through portals, or orally through phone calls.
14. What will happen if organizations don't comply with GDPR?
Organizations can be fined up to 4% of their annual global turnover, or 20 million euros (whichever is higher), for the most serious data breaches or infringements, including not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
They can be fined 2% of their annual global turnover, or 10 million euros (whichever is higher), for not having their records in order, not notifying the supervisory authority and customer about a breach, or not properly conducting an LIA.
15. My business isn't based in the EU. I don't have customers from the EU either. Do I still need to comply with GDPR?
GDPR is not mandatory if you don't have a business in the EU or deal with EU residents. However, if you want to ensure better security and privacy of customers' data, it is recommended to have GDPR compliance turned on. You can do this by clicking on Setup > Users and Control > Compliance Settings and turning it on.
16. Is encryption of data mandatory under GDPR?
No, GDPR doesn't mandate the encryption of customers' data. However, Zoho CRM allows you to encrypt fields manually in the field's properties page.
17. Can I use the encrypted field in a webform?
Yes, you can use an encrypted field in the webform.
18. I have turned compliance off. How will this affect the existing data processing basis of my records?
When you go to the compliance settings page and turn compliance off, the processing activities that you had previously done with the data subject's data will become ineffective, and the data will be processed without any basis.
19. Can customers delete or remove their data from Zoho CRM?
Customers can use The Right to Erasure (also known as Right To Be Forgotten) (Article 17) to request that their personal data be deleted or removed from CRM. As a data controller, you will have to delete the data if the customers ask for it, unless you have overriding legal obligations for keeping the data (Refer to Article 17 of EU GDPR).
20. How can the data controller keep track of the various data processing activities that have taken place in Zoho CRM?
The data controller can go to the existing timeline view in Zoho CRM and track the updates and changes made to the data processing activities of individual records.
21. Is double opt-in mandatory for data processing?
No, double opt-in is not mandatory for data processing. However, a double opt-in is recommended to ensure that customers are genuinely interested in the product. Under double opt-in, customers will receive an additional email to confirm their identity, once they've signed up through webforms.
22. What happens to the data if the customer doesn't respond to a consent email within a certain time period?
If the customer doesn't respond to a consent email, the data controllers can decide how long they want to wait for a response. Once it exceeds that time period, the status of the records will be Not Responded and the data will not be processed.
23. How can the data controller classify fields in Zoho CRM?
The data controller has the option to mark the user's fields as personal and sensitive in Zoho CRM. The controller can also decide to restrict these fields from activities like exports, APIs, and other connected services of Zoho CRM (Books, Finance, Campaigns, etc.).
24. Can I filter leads and contacts depending on the data processing basis?
Yes, you can filter leads and contacts based on their data processing basis.
25. Can data subjects edit or delete their own data before giving consent to the data controllers?
Yes, data subjects can edit and update their personal data, through the Right to Rectify (Article 16) and the Right to Erasure (Article 17).
26. Who can access the Compliance Settings in Zoho CRM?
Those with the Administrator profile can access the Compliance Settings in Zoho CRM.
27. How often can I review the lawful basis of processing data?
As the data controller, you should periodically review the lawful basis under which you processed data. This is because the lawful basis under which you initially processed personal data and the purpose of data collection can change over time.
28. My data currently resides in the US data center. How can I migrate this data to the EU data center for GDPR compliance?
GDPR doesn't mandate that data should reside only within the borders of the EU. It actually provides great transfer mechanisms for the free flow of data to and from countries outside the EU as well.

Some of these transfer mechanisms are the Binding Corporate Rules (Article 47), Privacy Shield and Model Contractual Clauses, among others. So if you have data in the US (zoho.com) and have signed the Data Processing Addendum (DPA), your data is safe.

The DPA, which references the EU Model Contractual Clauses, will still help in the transfer of data from non-EU countries. If you'd like us to send you your updated DPA, send an email to gdpr-compliance@zohocorp.com and clearly mention whether you've signed up in zoho.com or zoho.eu.

However, if you really need to migrate your data to the EU DC, you can send an email to security@zohocorp.com mentioning all the services you are using. This email will be forwarded to the relevant product teams.
29. Where can I find additional resources on GDPR?
Here are some links you can refer to for additional reading on GDPR
Note: Zoho Corporation is not responsible for the content in these pages and does not endorse these links.
30. Can I mark my data as personal?
Yes, you can mark your data as personal. Once you do that, you can additionally choose which fields you want to mark as normal and which fields you want to mark as sensitive.
31. How many fields can I mark as personal?
You can mark a maximum of 30 fields in each module as personal.
32. Which field types can be marked as personal?
All fields, with the exception of the lookup, user lookup, formula and auto number fields can be marked as personal.
33. How can I mark my data as personal?
To mark your data as personal:
  • Go to Setup > Customization > Modules and Fields
  • Hover your mouse pointer over the module that has the data subjects' personal information.
  • Click Manage Personal Fields from the drop-down list.
  • In the Manage Personal Fields section, click Mark Personal Field.
  • Select the data type as either Normal or Sensitive.
  • Click Done.
34. Once I've marked my data as personal, how will it impact data processing?
When you mark your data as personal, the data will be restricted from activities like exports, APIs and other connected services of Zoho CRM (Books, Finance, Campaigns, etc.).
35. Can the fields in subforms also be marked as personal?
Yes, you can also mark those fields which are supported for processing in subforms as personal.
36. How do I enable double opt-in for my web form?
To enable double opt-in:
  • Go to Setup > Developer Space > Webforms > Create Web Form.
  • Drag and drop the fields that you want in your web form.
  • Click Next Step. In the Form Details page, enter the relevant form details.
  • In the Manage Personal Fields section, click Mark Personal Field.
  • Select the Enable Double Opt-In slider and save the changes.
37. Can I restrict personal data from being accessed outside Zoho CRM?
Yes, you can restrict the data subject's personal data from being accessed outside Zoho CRM. Once you've marked the data as normal and sensitive, you can:
  • Restrict Data Transfer to Zoho Apps/ Integrations
  • Restrict Data Access through API
  • Restrict Data in Export
  • Restrict Data Access to Third Party Apps
38. How can I restrict personal data from being shared?
To restrict personal data from being shared:
  • Go to Setup > Users and Control > Compliance Settings.
  • Click on the Preferences tab.
  • Under Personal Data Handling, select where you would like to restrict data transfer (Zoho Apps, Third-party apps, APIs, Export)
39. Where can I update the data processing basis?
You can update the data processing basis for customers in the record details page: click on the Data Privacy tab, then select or edit the data processing basis. You can also select records from the list view of a module and update the data processing basis. The third way to do this is through the consent overview dashboard: go to Setup > Compliance Settings, click on the Overview tab, select the records, and update the data processing basis.
40. What is waiting period?
It is the amount of time you would like to wait for a response to your consent email. The organization can set this waiting period. Once it exceeds this waiting period, all processing activities related to the record will be stopped.
41. Can I add a record that was previously block listed back into CRM?
Yes, a record which had been previously block listed can be added again as a new record into CRM. Before you add the record, you will receive an alert saying it was previously block listed.
42. Can the data subject use Portals to update his/her consent?
Yes, you can get the customer's consent through Portals.
43. Can data subject rights be raised through Portals?
Yes, data subject rights can be raised through Portals.

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.