Marking Personal Fields

Marking Personal Fields

Marking Personal Fields


GDPR defines personal data as any information relating to an identified or identifiable natural person (i.e. the data subject). There is a wide range of personal data that includes email addresses, location, mobile numbers, identification numbers, etc. In the CRM, fields with such data can be marked as personal fields and can further be categorised as Normal or Sensitive. While GDPR aims to protect all the personal data, there is a special category within that which can be termed as sensitive personal data. One needs to take extra care in handling sensitive data as it might include information concerning health, medical records, financial details, biometric data, religious information or any other data that uniquely identifies the data subject.

In the CRM, under Setup > Users and Control > Compliance Settings > Preferences, you would have selected the modules that contain data subject's personal information and which needs to be GDPR compliant. The option to Manage Personal Fields will be available only in those modules under the Data Privacy section. When fields are marked as personal, data from those fields will not be transferred or shared in the following instances: data export, API usage and integrations with other services of  (Books,  Finance, Campaigns, etc.)

Manage Personal Fields

You can mark fields as personal from two places.

  • From the Modules list page.
  • While editing a Layout

To manage personal fields from the Modules page

  1. Click Setup > Customisation > Modules and Fields.
  2. Hover you mouse pointer to the module that contains data subjects' personal information.
  3. Click Manage Personal Fields from the list of options.
    This option will be available only in those modules that you had selected under Setup > Users and Control > Compliance Settings > Preferences.
  4. In the Personal Fields section, click Mark Personal Field.
  5. In the popup, select a field from the drop-down list.
    Auto-NumberFormulaUser and Lookup type fields cannot be marked as personal and hence, these fields will not be available in the drop-down list.
  6. Select Normal or Sensitive to specify the kind of data that the field holds.
  7. Click Add Field to mark more fields as personal.
    You can mark up to 30 personal fields per module.
  8. Click Done.

To manage personal fields from the Layouts page

  1. Click Setup > Customisation > Modules and Fields.
  2. Click on a module that contains data subjects' personal information.
  3. Choose a layout.
  4. In the Layout Editor page, click on the More icon for a field that you want to mark as a personal field.
    Auto-NumberFormulaUser and Lookup type fields cannot be marked as personal.
  5. Click
     
    Edit Properties.
    • In the [Field] Properties popup, select the Contains Personal Data checkbox.
    • Select Normal or Sensitive to specify the type of data.
    • Click Done.
  6. Click Save to save the changes made to the layout.
Note
  • Auto-Number, Formula, User and Lookup type fields cannot be marked as personal.
  • You can mark a field as personal in subforms also.
  • In a subform, while adding aggregate fields, please note that Aggregate and Formula fields cannot be marked as personal. Whereas, under New FieldsNumberCurrency and Decimal can be marked as personal.

  • Associated Items - While using webhooks, functionsemail templates and integrations with the CRM, there is a possibility that your personal fields' data is shared outside CRM. To avoid such cases, you can click on the Information icon to see where the particular field is being used. That will help you decide and take necessary action as required.

View Personal Fields under Data Privacy Section

The Data Privacy section for a record also contains details about the personal fields. It lists the number of fields that are marked as Sensitive and the ones as Normal.

To view personal fields

  1. Click open the data subjects record in your CRM account.
    The record could be in the Leads, Contacts, Vendors or any other custom module for which GDPR Compliance is enabled.
  2. Click Data Privacy.
    Under the Personal Data section, the number of Sensitive and Normal fields details are available.
  3. Hover your cursor on the number to view the fields with the values for the selected record.

Personal Data Handling

You may have marked some personal data as normal and others as sensitive. The CRM gives you the option to decide which type of personal data you want to restrict from being accessed through APIs or other applications that are integrated with the CRM. The following options are available to protect data subject's personal data being shared across other sub processors.

Restrict Data Transfer to the Apps and Third-Party Apps

To run your business, you may use multiple tools from email service providers, customer relationship management systems to collaboration platforms. Many a times, these applications are tightly integrated and your customers' data is shared among these platforms. It is essential that these third-party processors you use are also directly and legally obligated to be in compliance with GDPR. To protect your customers' data, The CRM has the option to restrict sharing of personal data to the apps and third party applications integrated with your CRM account.

The following table will give you the details of the various integrations and the implications when personal data is restricted. There are certain fields that are mandatory for an integration. For example, for the Project integration, Email is a mandatory field. If you mark email as a personal field, the data will not be sent from CRM to Projects. You can find more such details in the tables below.

*Please note that First and Last Name cannot be marked as personal fields.

Integrations with the Apps

Integrations with the Apps
Fields mandatory for the integration
What happens when personal data is restricted?
Desk
Last Name and Email
Data will not be pushed from the CRM.
Projects
Email
Client user will not be added through project creation or association.
Finance Suite
Last Name and Email
Data will not be pushed from the CRM.
Campaigns
Email
Data will not be pushed from the CRM.
Recruit
Email
Data will not be pushed from the CRM.
Cliq
NA
Details other than those from the personal fields will be shared via Cliq.
Analytics
NA
If one of the previously synced field is restricted, then reports based on those fields will be deleted.
Writer
NA
NA
Motivator
NA
NA
Creator
NA
NA
Mail
NA
NA
Calendar
NA
NA
Social
NA
NA
Sales IQ
NA
NA
Survey
NA
NA

Integrations with Third-party Apps

Integrations with Other Apps
Fields mandatory for the integration
What happens when personal data is restricted?
Microsoft Office 365
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Microsoft Outlook 
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Google Contacts
First Name
As First Name cannot be marked as a personal field, the integration will work as usual.
Slack
NA
Details other than those from the personal fields will be shared via Slack.

To restrict data transfer to the applications

  1. Click Setup > Users and Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data Transfer to the Apps to enable it.
  3. Review the implications and click Restrict Personal data to proceed.
  4. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
  5. Click Save.

To restrict data transfer to third-party applications

  1. Click Setup > Users and Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data Transfer to Third-party Apps to enable it.
  3. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be transferred through third-party integrations.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be transferred through third-party integrations.
  4. Select the integrations from the Apps drop-down list for which you want to restrict data transfer.
  5. Click Save.

Restrict Data access through API

Using API, other applications can connect to your CRM account and data can be transferred. When data is transferred via API, you need to ensure that personal data of your customers are not shared without a purpose. For data security, the CRM has the option to restrict the sharing of personal data through API.

When data is restricted, you can neither update personal data (for the marked fields) in the CRM nor share the data outside the system via APIs.

To restrict data access through API

  1. Click Setup > Users and Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data access through API to enable it.
  3. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields will not be accessed through APIs.
    • Normal and Sensitive data - Values from both the normal and sensitive personal fields will not be accessed through APIs.
  4. Click Save.

Restrict Data in Export

There maybe instances when you have the requirement to export data and for security reasons, you would not want the personal data to be exported. For such cases, you can restrict the personal data (normal and sensitive) from being exported. This includes exporting reports and updating data using in Sheet view. Please note the following when you restrict personal data for the export action.

  • In Sheet view, personal fields will not be available.
  • When you export a report, all the fields' data will be exported except the ones in personal fields. Same is the case for scheduled reports.
  • Matrix reports require fields for rows and columns. If any one of the field is a personal field (which cannot be exported) then the matrix report will not give accurate data. Hence, matrix reports with personal fields can be created but will not be exported. Same is the case for matrix scheduled reports.
  • When will a report not get exported:
    • If a personal field is used for the Columns to Total option.
    • In a Summary report, if personal fields are used in grouping columns.
    • In a Matrix report, if personal fields are used to Subtotal By column or row.

To restrict data in export

  1. Click Setup > Users and Control > Compliance Settings > Preferences.
  2. In the Personal Data Handling section, toggle on Restrict Data in Export to enable it.
  3. Review the implications and click Restrict Personal data to proceed.
  4. Select one of the following from the Data Type drop-down:
    • Only Sensitive data - Values from all the sensitive personal fields cannot be accessed in the exported data.
    • Normal and Sensitive data - Values from both the normal sand sensitive personal fields cannot be accessed in the exported data.
  5. Click Save.











    • Related Articles

    • Working with Custom Fields

      Working with Custom Fields Custom Fields Custom Field Limits Custom Field Settings Add Custom Fields Edit Custom Fields Set Field Permission Mark a Field as Required Mark a Field as Unique Remove/Delete Custom Fields Map Dependency Fields In the CRM, ...
    • Types of Custom Fields

      Types of Custom Fields Create Currency Fields Add/Rename Pick List Values Replace Pick List Values Add Multi-Select Pick List Values Create Lookup Field Create Multi-Select Lookup Field Create Auto Number Field Create User Field Add Record Image ...
    • Fields List Page

      Fields List Page The Fields section of a module in the CRM presents details of fields in the selected module. The Fields section has two sub sections - Field listing and Fields Permission. As the name suggests, the Field Listing section enables you ...
    • Building Formula Fields

      Building Formula Fields The CRM formula fields enable you to define fields that can populate dynamically calculated data based on the values returned from other standard or custom fields. For instance, an insurance company may need to determine, if ...
    • Standard Fields in Vendors

      Standard Fields in Vendors Following are the list of defined standard fields available in the Vendors module: Field Name Description Data type Maximum Limit Vendor Owner Select the name of the user to whom the Vendor details is assigned. Lookup   ...