GDPR 合规性

Zoho CRM API的1.0版本已进入终结阶段,将在2018年12月31日被弃用。我们推荐您查看和使用最新的、更好的 API 2.0

API版本1.0的变化 - GDPR 合规性

What is GDPR?

GDPR is a comprehensive set of rules that will replace the existing Data protection directive or Directive 95/46/EC, which will be enforced across the EU. It is designed to empower EU residents by putting them directly in control of how they want their data to be processed and protect their data privacy due to the increasingly complex nature of personal data transmission across the world.

Note:

  • The content presented herein is not to be construed as legal advise. Please contact your legal advisor to know how GDPR impacts your organisation and what you need to do to comply with the GDPR.

What's new in the API?

Fields

Data Processing Basis Details

A new field named "Data Processing Basis Details" will carry the lawful data processing basis for the particular record. You can determine the values in this field based on how you want to process your customer's data.

Currently, this field is supported only in Leads, Contacts, Vendors and Custom Modules.

The values of the field can be:

Not Applicable, Legitimate Interests, Contract, Legal Obligation, Vital Interests, Public Interests, Consent-Pending, Consent-Awaiting, Consent-Obtained, Consent-Not Respond, Stop Processing, Consent-Declined, Delete.

Note:

  • Consent-Pending - The consent link or form is not yet sent to the customer.
  • Consent-Awaiting - The consent link or form is sent to the customer and awaiting a reply.
  • Consent-Obtained - The consent link or form is sent and the customer gave "Access", i.e Accepted.
  • Consent-Declined - The consent form is sent and the customer has replied as "Stop Processing".

Tags

Consent

This new tag contains the details of the consent form that is accepted by a customer. In another sense, within a request, this tag can be used to add consent details to a particular record.

Attributes

Private

An attribute for the consent tag, named "private" is added to the APIs, to mark the field as a protected field. The data type of this key is Boolean, i.e true/false.

Private Type

An attribute for the consent tag, named "private_type" is added. The Value of this key can be "High", "Low" or "null". The "High" and "Low" values correspond to the "Sensitive" and "Normal" values as in the CRM UI.

Stop Processing

When the stop processing key of a particular record is "true", then the record becomes read-only. The value for this key is of the Boolean data-type, i.e true or false.

Example:

<FL val="$stop_processing">true</FL>

Some scenarios where this key becomes important :

  • A consent form is sent to the customer who makes a request to temporarily halt his request, then a request for Stop Processing will be sent.
  • A Data-Controller, in other words, an Admin (CEO) of an Organization can set up his org such that Stop Processing in Privacy settings is activated whenever the consent stage is in "Pending" or "Awaiting".

Fields API

The changes made to the fields API based on the implementation of the new privacy policy are:

  • The attribute "private" denotes if a field is protected (private) or not. The data type of the key is Boolean, i.e true/false.
  • The attribute "private_type" denotes the level of sensitivity of the data. For instance, if the sensitivity of the data is set to be high, then private_type="High"

Note:

  • For non-private fields, i.e, if "private=false", then private_type="null".
  • Private fields cannot be searched through Criteria.

URL : {module}/getFields, {module}/getAllFields

Sample Response

<FL id="111111000000000861" req="false" type="Lookup" isreadonly="false" private="false" private_type="null" export="false" isQcreate="false" maxlength="120" label="Lead Owner" dv="Lead Owner" colName="SMOWNERID" ></FL>
<FL id="111111000000000863" req="true" type="Text" isreadonly="false" private="true" private_type="High" export="false" isQcreate="true" maxlength="100" label="Company" dv="Company" colName="COMPANY" ></FL>
<FL id="111111000000000871" req="false" type="Text" isreadonly="false" private="true" private_type="High" export="false" isQcreate="false" maxlength="100" label="Designation" dv="Title" colName="DESIGNATION" ></FL>
<FL id="111111000000000873" req="false" type="Email" isreadonly="false" private="true" private_type="Low" export="false" isQcreate="true" maxlength="100" label="Email" dv="Email" colName="EMAIL" ></FL>

Insert API

A new tag named "Consent", contains the details of the consent form that is accepted by a customer. In another sense, within a request, this tag can be used to add consent details to a particular record.

The changes made to the insert API based on the implementation of the new privacy policy are:

  • CONSENTID cannot be provided in the input data (Existing Consent can't be associated)
  • Email can't be provided in the Consent (ie in <consent></consent>)
  • Insert API won't throw any error for Stop Processing email ID. Instead, record will be created with the stop-processing email ID and will be moved to Stop Processing.
  • If invalid Email is being provided in record (ie in <row></row>), then it'll be validated.

Note:

Above mentioned use-cases are applicable only if

  • Compliance Settings feature is enabled for Organization (done by Zoho).
  • GDPR Compliance is enabled by the user (User-enabled).
  • The module being accessed should be one of data privacy module (can be chosen by the user through Manage data privacy for module option).

Sample Input

<Leads>
  <row no="1">
    <FL val="Last Name">Patricia</FL>
    <FL val="Email">p.boyle@zylker.com</FL>
    <FL val="Data Processing Basis Details">
      <consent>
        <FL val="Contact through Email">true</FL>
        <FL val="Contact Through Phone">false</FL>
        <FL val="Contact Through Survey">false</FL>
        <FL val="Contact Through Social Handles">false</FL>
        <FL val="Consent Through">Email</FL>
        <FL val="Consent Date">2018-04-27</FL>
        <FL val="Allow Other Service">true</FL>
        <FL val="Consent Remarks">Consent approved by customer</FL>
        <FL val="Data Processing Basis">Obtained</FL>
      </consent>
    </FL>
  </row>
</Leads>

Update API

The changes made to the update API based on the implementation of the new privacy policy are:

  • CONSENTID cannot be provided in the input data (Existing Consent can't be associated).
  • Email can't be provided in the Consent (ie in <consent></consent>)
  • If invalid Email is being provided in record (ie in <row></row>), then it'll be validated.

Note:

Above mentioned use-cases are applicable only if

  • Compliance Settings feature is enabled for Organization (done by Zoho).
  • GDPR Compliance is enabled by the user (User-enabled).
  • The module being accessed should be one of data privacy module (can be chosen by the user through Manage data privacy for module option).

Sample Input

<Leads>
  <row no="1">
    <FL val="Last Name">Patricia</FL>
    <FL val="Email">p.boyle@zylker.com</FL>
    <FL val="Data Processing Basis Details">
      <consent>
        <FL val="Contact through Email">true</FL>
        <FL val="Contact Through Phone">false</FL>
        <FL val="Contact Through Survey">false</FL>
        <FL val="Contact Through Social Handles">false</FL>
        <FL val="Consent Through">Email</FL>
        <FL val="Consent Date">2018-04-27</FL>
        <FL val="Allow Other Service">true</FL>
        <FL val="Consent Remarks">Consent approved by customer</FL>
        <FL val="Data Processing Basis">Obtained</FL>
      </consent>
    </FL>
  </row>
</Leads>

Get API

The changes made to the get API(getRecords/getRecordById/getRelatedRecords/searchRecords/searchRecordsByPDC/getSearchRecords) based on the implementation of the new privacy policy are:

  • When include_pi_fields=true is specified, then the private fields for the module will be given in records GET API.
  • $stop_processing key provided in all GET API responses

Note:

Above mentioned use-cases are applicable only if

  • Compliance Settings feature is enabled for Organization (done by Zoho).
  • GDPR Compliance is enabled by the user (User-enabled).
  • The module being accessed should be one of data privacy module (can be chosen by the user through Manage data privacy for module option).

Sample Response

<response uri="/crm/private/xml/Leads/getRecords">
    <pi_fields>
        <FL id="111111000000000863" label="Company" private="true" private_type="High" export="false"></FL>
        <FL id="111111000000000873" label="Email" private="true" private_type="Low" export="false"></FL>
        <FL id="111111000000000875" label="Phone" private="true" private_type="High" export="false"></FL>
        <FL id="111111000000000877" label="Fax" private="true" private_type="High" export="false"></FL>
    </pi_fields>
    <result>
        <Leads>
              <row no="1">
                <FL val="LEADID">111111000000056343</FL>
                <FL val="$stop_processing">false</FL>
                <FL val="SMOWNERID">111111000000031431</FL>
...
              </row>
        </Leads>
    </result>
</response>

Responses with Data Processing Basis Details:

Sample Response

<FL val="Data Processing Basis Details">
    <consent>
        <FL val="CONSENTID">111111000000032361</FL>
        <FL val="Contact through Email">true</FL>
        <FL val="Contact Through Phone">false</FL>
        <FL val="Contact Through Survey">false</FL>
        <FL val="Contact Through Social Handles">false</FL>
        <FL val="Email">null</FL>
        <FL val="SMCREATORID">111111000000031431</FL>
        <FL val="Created By">Boyle GDPR</FL>
        <FL val="MODIFIEDBY">111111000000031431</FL>
        <FL val="Modified By">Boyle GDPR</FL>
        <FL val="SMOWNERID">111111000000031431</FL>
        <FL val="Consent Owner">Boyle GDPR</FL>
        <FL val="Created Time">2018-04-26 20:33:34</FL>
        <FL val="Modified Time">2018-04-26 20:33:34</FL>
        <FL val="Consent Through">Email</FL>
        <FL val="Consent Date">2018-04-27</FL>
        <FL val="Consent Ends On">null</FL>
        <FL val="Allow Other Service">false</FL>
        <FL val="Consent Remarks">Consent accepted by the customer.</FL>
        <FL val="Data Processing Basis">Obtained</FL>
        <FL val="Mail Sent Time">null</FL>
        <FL val="Consent Lawful Details">null</FL>
        <FL val="Consent Other Details">null</FL>
    </consent>
</FL>

Search Records API

Fields marked as private CANNOT be obtained through search criteria, searchCondition, searchColumn and customview criteria. If a private field is searched, the following response will be shown.

Sample Response

<?xml version="1.0" encoding="UTF-8" ?>
<response uri="/crm/private/xml/Leads/searchRecords">
    <error>
        <code>4899</code>
        <message>API call cannot be completed as private field given in criteria/searchCondition/searchColumn/customview</message>
    </error>
</response>

Error Messages

The following error message is thrown for records insert, update, upsert, convertLead and sendMail APIs.

Sample Response

<response uri="/crm/private/xml/Leads/convertLead">
    <error>
        <code>4202</code>
        <message>API call cannot be completed as the record is in stop processing</message>
    </error>
</response>

Note:

Blocked - Blocked status can be added to a record and used to block, or lock, a particular record by making the "Email" field as the identifying field. In other words, if a record with a particular email is blocked, then records with the same email cannot be added or updated.

还没有找到您需要的内容?

请发送邮件给我们:support-crm@zohocorp.com.cn