GDPR Compliance

GDPR is a comprehensive set of rules that will replace the existing Data protection directive or Directive 95/46/EC, which will be enforced across the EU. It is designed to empower EU citizens by putting them directly in control of how they want their data to be processed and protect their data privacy due to the increasingly complex nature of personal data transmission across the world.

Note:
  • The content presented herein is not to be construed as legal advice. Please contact your legal advisor to know how GDPR impacts your organization and what you need to do to comply with the GDPR.

  • The following changes to the API are applicable only for modules which have GDPR Compliance enabled.

Organization API

A new key privacy_settings is added in the Organization API. The data type of this field is boolean, i.e true/false.

Sample Request: To get Organization Data

Copiedcurl "https://www.zohoapis.com/crm/v4/org"
-X GET
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"

Note:

  • If privacy_settings=true, GDPR Compliance is enabled for the Org.
  • If privacy_settings=false, GDPR Compliance is disabled.

Sample Response

Copied{
    "org": [
       {
            "country": "US",
            "mc_status": false,
            "gapps_enabled": false,
            "id": "111111000000033001",
            "state": null,
            "employee_count": "154",
            "website": "www.zylker.com",
            "currency_symbol": "$",
            "mobile": null,
            "currency_locale": "en_US",
            "primary_zuid": "5478235",
            "zgid": "5478236",
            "country_code": "US",
            "license_details": {
                "paid_expiry": null,
                "users_license_purchased": 3,
                "trial_type": "professional",
                "trial_expiry": "2018-05-17T17:20:05+05:30",
                "paid": false,
                "paid_type": "free"
            },
            "company_name": null,
            "privacy_settings": true,
            "primary_email": "p.boyle@zylker.com",
            "iso_code": "USD"
        }
    ]
}

Fields API

A new field in CRM named Data Processing Basis Details will carry the lawful data processing basis for the particular record. You can determine the values in this field based on how you want to process your customer's data.

Currently, this field is supported only in Leads, Contacts, Vendors, and Custom Modules.

A new key named private is added to the APIs, to mark the field as a protected field. The value of the key is either a JSON Object or null.

Fields can be set to be private by enabling the option in the Layout editor. If the user creates a protected field but does not select the sensitivity of the data(sensitive/normal), then the private key is null.

Sample Request: To get Fields Metadata

Copiedcurl "https://www.zohoapis.com/crm/v4/settings/fields?module=Leads"
-X GET
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
Copiedresponse = invokeurl
[
	url: "https://www.zohoapis.com/crm/v4/settings/fields?module=Leads"
	type: GET
	connection:"crm_oauth_connection"
];
info response;

The type attribute can be either High or Low, based on the sensitivity of the data. Once the privacy settings is enabled for the Org, the private field value to be shown in records GET API will be based on the Preferences settings.

The High and Low values correspond to the Sensitive and Normal values as in the Personal Fields in the CRM UI.

If restricted in the private key is true, then the values of a field will not be exposed in any record related APIs.

Sample Response: Field Metadata for Data Processing Basis Field

Copied{
    "custom_field": false,
    "lookup": {},
    "private": null,
    "visible": true,
    "webhook": true,
    "json_type": "jsonobject",
    "crypt": null,
    "field_label": "Data Processing Basis Details",
    "length": 100,
    "tooltip": null,
    "view_type": {
        "view": true,
        "edit": true,
        "quick_create": false,
        "create": true
    },
    "created_source": "default",
    "read_only": false,
    "api_name": "Data_Processing_Basis_Details",
    "unique": {},
    "businesscard_supported": true,
    "data_type": "consent_lookup",
    "formula": {},
    "currency": {},
    "id": "111111000000032030",
    "decimal_place": null,
    "pick_list_values": [],
    "multiselectlookup": {},
    "auto_number": {}
}

Records API - INSERT

When Inserting or adding a record, the Data Processing Basis Details key must be given in the POST request. This new key contains the details of the consent form that is accepted by a customer. In another sense, within a request, this key can be used to add consent details to a particular record.

The values in this key are in the form of a JSON Object.

Sample request: To insert a record in Leads module

Copiedcurl "https://www.zohoapis.com/crm/v4/Leads"
-X POST
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
CopiedSyntax:
zoho.crm.bulkCreate(,,,,);
mandatory : module,dataList

Sample Request:
resp = zoho.crm.bulkCreate("Price_Books", [{"Owner": {"id": "7000000031553"},"Active": true,"Pricing_Details": [{"to_range": 5,"discount": 0,"from_range": 1},{"to_range": 11,"discount": 1,"from_range": 6},{"to_range": 17,"discount": 2,"from_range": 12},{"to_range": 23,"discount": 3,"from_range": 18},{"to_range": 29,"discount": 4,"from_range": 24}],"Pricing_Model": "Differential","Description": "Design your own layouts that align your business processes precisely. Assign them to profiles appropriately.","Price_Book_Name": "Price_Book_Name oops1"},{"Owner": {"id": "7000000031553"},"Active": true,"Pricing_Details": [{"to_range": 5,"discount": 0,"from_range": 1},{"to_range": 11,"discount": 1,"from_range": 6},{"to_range": 17,"discount": 2,"from_range": 12},{"to_range": 23,"discount": 3,"from_range": 18},{"to_range": 29,"discount": 4,"from_range": 24}],"Pricing_Model": "Differential","Description": "Design your own layouts that align your business processes precisely. Assign them to profiles appropriately.","Price_Book_Name": "Price_Book_Name oops2"}]);
  • The same request pattern is to be followed for Update and Upsert records APIs.
  • If the Data Processing Basis Details are not specified when inserting a record, Data_Processing_Basis_Details key becomes null.

Sample Input: To insert a record in Leads module

Copied{
    "data": [
       {
            "Last_Name": "Boyle",
            "Email": "p.boyle@zylker.com",
            "Data_Processing_Basis_Details": {
                "Contact_Through_Email": true,
                "Contact_Through_Social": true,
                "Consent_Through": "Email",
                "Contact_Through_Survey": true,
                "Data_Processing_Basis": "Consent - Obtained",
                "Contact_Through_Phone": true,
                "Consent_Date": "2018-04-18",
                "Consent_Remarks": "fgvhbjnm"
            }
        }
    ]
}

Records API - GET

This API retrieves all the data of a record along with the Consent Details. In "Sample Request: To get a record from Leads module", the Email field is marked as a private field. Hence, the value of the field becomes null.

Sample Request: To get a record from Leads module

Copiedcurl "https://www.zohoapis.com/crm/v4/Leads/111111000000034001?include=private_fields"
-X GET
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
CopiedSyntax:
zoho.crm.getRecords(,,,,,);
mandatory : module

Sample Request:
resp = zoho.crm.getRecords("Leads",5,2,{"converted":"false"});
  • The example is also applicable for bulk operations (Bulk Get, Bulk Insert, etc).
  • In the sample response, the Email field is privacy protected. Hence, the field has the value as "null", even if the email for the record exists. Add include=private_fields in the params section of the Request URL to include the "private_fields" key in any GET APIs.
  • If the $stop_processing key for a particular record is true, then any Update, Upsert or Convert Lead process cannot be used on the record.

Sample Response

Copied{
    "data": [
       {
            "Owner": {
                "First_Name": "Patricia",
                "Last_Name": "Boyle",
                "name": "Patricia Boyle",
                "id": "111111000000031441"
            },
            "Company": null,
            "Email": null,
            "$currency_symbol": "Rs.",
            "Last_Activity_Time": null,
            "Industry": null,
            "$converted": false,
            "$process_flow": false,
            "Street": null,
            "Data_Processing_Basis_Details": {
                "Contact_Through_Email": false,
                "Owner": {
                    "name": "Patricia Boyle",
                    "id": "111111000000031441"
                },
                "Modified_Time": "2018-05-19T18:09:22+05:30",
                "Contact_Through_Social": false,
                "Created_Time": "2018-05-18T20:20:28+05:30",
                "Consent_Through": "Call",
                "Contact_Through_Survey": false,
                "Data_Processing_Basis": "Consent - Obtained",
                "Contact_Through_Phone": false,
                "Lawful_Reason": null,
                "Mail_Sent_Time": null,
                "Modified_By": {
                    "name": "Patricia Boyle",
                    "id": "111111000000031441"
                },
                "Consent_Date": null,
                "id": "111111000000116003",
                "Created_By": {
                    "name": "Patricia Boyle",
                    "id": "111111000000031441"
                },
                "Consent_Remarks": null,
                "Consent_EndsOn": null
            },
            "Zip_Code": null,
            "id": "111111000000121848",
            "Data_Source": "Mobile",
            "$approved": true,
            "$approval": {
                "delegate": false,
                "approve": false,
                "reject": false,
                "resubmit": false
            },
            "$data_source_details": null,
            "Created_Time": "2018-05-19T18:08:45+05:30",
            "$followed": false,
            "$editable": true,
            "City": null,
            "No_of_Employees": 20,
            "State": null,
            "$status": "c_5",
            "Country": null,
            "Created_By": {
                "First_Name": "Patricia",
                "Last_Name": "Boyle",
                "name": "Patricia Boyle",
                "id": "111111000000031441"
            },
            "Annual_Revenue": 0,
            "Secondary_Email": null,
            "Description": null,
            "Rating": null,
            "Website": null,
            "Twitter": null,
            "Salutation": null,
            "First_Name": "Deborah",
            "Lead_Status": null,
            "Full_Name": "Deborah Grogan",
            "Modified_By": {
                "First_Name": "Patricia",
                "Last_Name": "Boyle",
                "name": "Patricia Boyle",
                "id": "111111000000031441"
            },
            "Skype_ID": null,
            "Phone": -8775,
            "Email_Opt_Out": false,
            "Designation": null,
            "Modified_Time": "2018-05-19T18:08:45+05:30",
            "$converted_detail": {},
            "Mobile": null,
            "$stop_processing": false,
            "Last_Name": "Grogan",
            "Lead_Source": null,
            "Tag": [],
            "Fax": null,
            "Lookup_1": null
        }
    ],
    "info": {
        "per_page": 200,
        "count": 1,
        "page": 1,
        "more_records": false
    },
    "private_fields": [
       {
            "private": {
                "restricted": true,
                "type": "High",
                "export": false
            },
            "api_name": "Email",
            "id": "111111000000000873"
        }
    ]
}

Search APIs

The Data Processing Basis (Lawful Basis) details are shown along with the record details in the Search APIs.

In "Sample Request: To search for records in Leads module based on criteria", the email field is marked as private (restricted=true) and hence, the value is null.

Sample Request: To search for records in Leads module based on criteria

Copiedcurl "https://www.zohoapis.com/crm/v4/Leads/search?criteria=(Last_Name:equals:Boyle)"
-X GET
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
CopiedSyntax:
zoho.crm.searchRecords(,,,,,);
mandatory : module,criteria

Sample Request:
resp = zoho.crm.searchRecords("Leads", "((Last_Name:equals:Hawkins) or (Last_Name:starts_with:Pat))");

The following error is thrown when the record with the said email is searched through Criteria:

{
"code": "INVALID_QUERY",
"details": {
"reason": "Cannot use the restricted field.",
"api_name": "Email"
},
"message": "invalid query formed",
"status": "error"
} 

Note:

  • The output responses of Search APIs are similar to the GET APIs.
  • A restricted private field cannot be searched through Criteria.

Sample Response

Copied{
    "data": [
       {
            "Data_Processing_Basis_Details": {
                "Contact_Through_Email": true,
                "Owner": {
                    "name": "Patricia Boyle",
                    "id": "111111000000031431"
                },
                "Modified_Time": "2018-04-26T14:28:44+05:30",
                "Contact_Through_Social": true,
                "Created_Time": "3522937-06-04T16:10:31+05:30",
                "Consent_Other_Details": null,
                "Consent_Through": "Email",
                "Contact_Through_Survey": true,
                "Data_Processing_Basis": "Consent - Obtained",
                "Contact_Through_Phone": true,
                "Mail_Sent_Time": null,
                "Modified_By": {
                    "name": "Deborah Grogan",
                    "id": "111111000000031431"
                },
                "Consent_Date": "2018-04-18",
                "id": "111111000000034106",
                "Created_By": {
                    "name": "Patricia Boyle",
                    "id": "111111000000031431"
                },
                "Consent_Lawful_Details": null,
                "Consent_Remarks": "Got consent from the party",
                "Consent_EndsOn": null
            },
            "Email": null,
            "Last_Name": "Boyle",
            "id": "111111000000034001",
            "$stop_processing": false
        }
    ],
    "info": {
        "per_page": 200,
        "count": 2,
        "page": 1,
        "more_records": false
    }
}