When storing sensitive data, such as a contact’s national ID number or credit card number, you can choose to give contacts control over that field by requesting permission through their consents page.
When you store a person’s sensitive data, certain laws may require you to handle that data in special ways. Such laws include GDPR, and they sometimes require special handling such as encryption of data at rest, or restricting access so that only those who need the data for its purposes may see and use it.
Vtiger’s sensitive data field enables you to comply with those laws while helping protect you from the risk that your employees or malicious actors misuse data stored in your possession.
Note! The GDPR feature is available in the Starter, Professional and Enterprise editions.
Limit: 5 fields per module; Available modules: Leads and Contacts.
These features are available as an Add-on for Starter and Professional editions.
Data limit in GDPR compliance Add-on
- Personal fields - No limits
- Encryption fields - 5 fields per module
- Data consents - 10 fields per module
- Custom consents - 10 fields per module
Before you get started, please read the below-mentioned points carefully.
Note! These fields will not be shown in Module Fields and Layout > View Hidden after they are disabled.
Sensitive data fields can be created in Vtiger’s Leads and Contacts modules, and achieve all of the following:
Encryption of data at rest stores the data as an encrypted value in Vtiger’s database which protects the data from unauthorized view by your employees, our employees, and any potential malicious intruders.
By default, sensitive data in the user view of Vtiger will display as ****. You can choose to change that default view to reveal any number of characters at the beginning or at the end of the stored value, to make it usable by your users as a verifier, without permitting them to un-obfuscate the full value. A common use of this is for storing a national ID number or a credit card number, and revealing just the last four digits (e.g., 529-49-5787 shows as 52****787).
Although all users can see the obfuscated value of a restricted field, administrators can restrict which of your users are allowed to reveal the un-obfuscated field value. This is achieved by giving user profiles access to view sensitive data fields, and applying those profiles to users.
Plain text fields are the only fields that can be marked as sensitive by Vtiger. To enable a sensitive data field:
Create a new text field, or edit the desired text field
Enable the Encrypt field property
Note! Only text fields whose character limit is equal to or less than 100 can be marked as encrypted fields.
To grant profile access to view sensitive data fields:
From the “Tools” area, enable the “View encrypted field value.”
Save the settings
Users whose profile allows viewing sensitive field values will see a “View” button to the right of fields marked as sensitive in the Leads and Contacts modules. Clicking the button reveals the sensitive data field and logs the view.
Vtiger tracks all views and edits to fields marked as sensitive for future audit. Field access logs for sensitive data changes can be viewed from User Menu > Settings > User Management > Sensitive Field Access Logs, where you can search by field name, record name, module name, username, date range, or action performed.
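The obfuscated display, the profile-gated reveal and the access log described above can be sketched as follows. This is an added illustration, not Vtiger's own code: the `SensitiveField` class, the `view_encrypted_field_value` permission string and the log record layout are assumptions, and the stored value stands in for the decrypted field.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

MASK = "****"  # fixed-width mask, so the display does not leak the value's length


def obfuscate(value: str, lead: int = 0, trail: int = 0) -> str:
    """Display form: `lead` leading and `trail` trailing characters around a
    fixed mask. The defaults (0, 0) give the plain '****' view."""
    if lead < 0 or trail < 0:
        raise ValueError("lead and trail must be non-negative")
    # If the revealed parts would cover the whole value, the "obfuscated"
    # view would disclose everything; fall back to the fully masked form.
    if lead + trail >= len(value):
        return MASK
    return value[:lead] + MASK + (value[len(value) - trail:] if trail else "")


@dataclass
class SensitiveField:  # hypothetical model of one encrypted field
    name: str
    value: str = field(repr=False)  # stands in for the decrypted value
    lead: int = 0
    trail: int = 0
    access_log: list = field(default_factory=list)

    def display(self) -> str:
        """What every user sees, regardless of profile."""
        return obfuscate(self.value, self.lead, self.trail)

    def reveal(self, user: str, profile_permissions: set) -> str:
        """Return the full value only for permitted profiles, logging the access.
        Denied attempts are logged too (an addition; the page mentions views and edits)."""
        allowed = "view_encrypted_field_value" in profile_permissions  # assumed name
        self.access_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "field": self.name,
            "action": "view" if allowed else "view_denied",
        })
        if not allowed:
            raise PermissionError(f"{user} may not reveal {self.name}")
        return self.value
```

With two leading and three trailing characters revealed, the constructed value 529-49-5787 displays as 52****787, matching the example above. A four-character value with the same settings stays fully masked.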
Please be aware that all of the following apply to sensitive data fields:
What fields should I mark as personal fields?
What fields should I mark as encrypted fields?
How do I delete an encrypted data field?
Is Primary email field mandatory?
Will print templates and email templates show the decrypted value?