Zoho has always honored its users' right to data privacy and protection. Zoho has never had advertising as a revenue stream, has never served ads to users, and will not do so in the future; this applies equally to customers using the free editions of Zoho products. Zoho therefore has no need to collect or process personal information beyond what is required for its products to function.
Over the years, Zoho has demonstrated its commitment to data privacy and protection by meeting the industry standards ISO 27001 and SOC 2 Type 2. Zoho already has strong Data Processing Agreements and is revising them to meet GDPR requirements. Zoho Corporation also participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework for transfers of data to the US. Zoho recognizes that the GDPR will help it progress towards the highest standards of operation in protecting customer data.
How is Zoho preparing for GDPR?
Zoho is gearing up for GDPR compliance
With 130+ on-premise and cloud applications used by 30+ million users across 190 countries, Zoho is gearing up to be GDPR compliant across all of its applications by the time the regulation comes into effect. As a data processor, Zoho understands its obligation to help customers get ready for the big day. Zoho has thoroughly analyzed the GDPR requirements and has put in place a dedicated internal team to drive the organization to meet them in time. These initiatives include:
- Identifying personal data - Each of the 130 different applications has a different level of personal data collection, usage, storage and disposal.
- Providing visibility and transparency - The most important aspect of GDPR is how the collected data is used. As a data processor, Zoho's key role is to give customers (the data controllers) the access they need to manage and protect their users' data effectively. Zoho is exploring product enhancements that give customers better transparency without compromising performance.
- Enhancing data integrity and security - Data privacy and data security are two sides of the same coin. As customers tighten their data security measures, Zoho is streamlining the processes for cloud applications by implementing IT policies and procedures that provide end-to-end security.
- Portability and transferability of data - GDPR gives data subjects the right to receive the personal data they have provided to a controller in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible. With this right in mind, Zoho is working on enhancing its data export capabilities so that data can be exported at the level of an individual user.
Zoho aims to make GDPR compliance for customers as simple as possible
Zoho understands that meeting GDPR requirements takes time and effort. As your partner, Zoho wants to make the process as seamless as possible, so that you can focus on running your business rather than worrying about compliance. Zoho's upcoming product enhancements are designed to make it easier for you to:
- Provide access controls
- Encrypt, anonymize or delete user data
- Perform data audits or assessments using data processing logs
- Create provisions for data subjects' rights
- Enhance security for user data
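The list above names the operations a processor has to support (access controls, pseudonymization or deletion, a processing log for audits, and the individual-level export mentioned under portability). The Python below is an added illustration written for this page; it is not Zoho code and does not describe how any Zoho product implements these features. The record layout, the two actors and their roles, and the HMAC key are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; the record layout, actors, roles and key are
# illustrative assumptions, not taken from any real product.
SAMPLE_USERS = [
    {"user_id": "u-1001", "email": "alice@example.com", "name": "Alice Example", "plan": "free"},
    {"user_id": "u-1002", "email": "bob@example.com", "name": "Bob Example", "plan": "paid"},
]
PERSONAL_FIELDS = ("email", "name")            # direct identifiers in a record
ROLES = {"dpo@example.com": "privacy-admin",   # constructed actor -> role mapping
         "support@example.com": "support"}
PRIVILEGED_ROLES = {"privacy-admin"}           # roles allowed to act on subject data


def pseudonym(key: bytes, value: str) -> str:
    """Keyed hash (HMAC-SHA256): the same input always maps to the same token,
    but without the key the token cannot be linked back to the identifier."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


class DataStore:
    def __init__(self, records, pseudonym_key: bytes):
        self.records = {r["user_id"]: dict(r) for r in records}
        self.key = pseudonym_key          # in practice, stored apart from the data
        self.processing_log = []          # append-only; never holds identifier values

    def _authorize(self, actor: str, action: str, user_id: str) -> None:
        """Access control: refuse and record any attempt by an unprivileged role."""
        role = ROLES.get(actor)
        if role not in PRIVILEGED_ROLES:
            self._log("denied", user_id, actor=actor, attempted=action)
            raise PermissionError(f"{actor} ({role}) may not {action}")

    def _log(self, action: str, user_id: str, **extra) -> None:
        """Processing log entry: who did what to which record, and when."""
        self.processing_log.append(
            {"seq": len(self.processing_log), "ts": time.time(), "action": action,
             "user_id": user_id, **extra})

    def export_subject(self, actor: str, user_id: str) -> str:
        """Portability: a structured, machine-readable copy of one subject's record."""
        self._authorize(actor, "export", user_id)
        payload = json.dumps(self.records[user_id], sort_keys=True)
        self._log("export", user_id, actor=actor)
        return payload

    def pseudonymize(self, actor: str, user_id: str) -> None:
        """Replace direct identifiers with keyed tokens. The record remains
        personal data while the key exists; destroying the key is what anonymizes it."""
        self._authorize(actor, "pseudonymize", user_id)
        rec = self.records[user_id]
        for field_name in PERSONAL_FIELDS:
            if rec.get(field_name):
                rec[field_name] = pseudonym(self.key, rec[field_name])
        self._log("pseudonymize", user_id, actor=actor, fields=list(PERSONAL_FIELDS))

    def erase(self, actor: str, user_id: str) -> None:
        """Erasure: delete the record; the log keeps the fact, not the data."""
        self._authorize(actor, "erase", user_id)
        del self.records[user_id]
        self._log("erase", user_id, actor=actor)


def demo() -> dict:
    """Run one request cycle and return what an auditor (or a test) would check."""
    store = DataStore(SAMPLE_USERS, pseudonym_key=b"constructed-demo-key")
    exported = store.export_subject("dpo@example.com", "u-1001")
    store.pseudonymize("dpo@example.com", "u-1001")
    denied = False
    try:
        store.erase("support@example.com", "u-1002")   # support role lacks the right
    except PermissionError:
        denied = True
    store.erase("dpo@example.com", "u-1002")
    return {
        "exported": exported,
        "alice_email_token": store.records["u-1001"]["email"],
        "denied": denied,
        "bob_present": "u-1002" in store.records,
        "log_actions": [e["action"] for e in store.processing_log],
        "log_has_identifiers": any("alice@example.com" in json.dumps(e)
                                   for e in store.processing_log),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points matter here. Keyed hashing is pseudonymization, not anonymization: whoever holds the key can re-link the tokens, so the data stays personal data and the key needs its own access control; if the requirement is "encrypt" rather than "anonymize", use authenticated encryption so the value is recoverable by the controller. Second, the processing log records actions and record IDs but never identifier values, so an erasure does not quietly survive in the audit trail.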
What should you do to be GDPR-ready?
If you are just getting started with GDPR compliance in your organization, here's a quick to-do list to keep in mind.
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review the security and privacy processes currently in place and, where applicable, revise your contracts with third parties and customers to meet the requirements of the GDPR
- Identify the personal data (Personally Identifiable Information, PII) that is being collected
- Analyze how this information is being processed, stored, retained and deleted
- Assess the third parties to whom you disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Establish and conduct Privacy Impact Assessments (PIAs)
- Create processes for data breach notification activities
- Maintain continuous employee awareness; it is vital to ongoing compliance with the GDPR