As you all know, the GDPR applies to all organizations that process personal data of EU citizens, even those not operating in EU territory. Since most forms are designed to collect personal information, you need to make your forms compliant. This is a mandatory requirement for any company that has access to personal data. Personal information such as names, phone numbers, addresses, and location is protected by the GDPR.
Best practices
- Allow users to correct and/or update their own data. Enable the edit submission feature.
- Send a copy of the completed form to the sender.
- Upon request, form users should be able to contact you whenever they want. Include your contact details on the form. Read more about the “right to be forgotten” law.
- Use multiple-choice fields to receive their consent.
- Explain why you need their personal data.
- Add terms of service fields where you list your Privacy Policy and other details. Do not use the default choice option. The checkbox needs to be ticked by the user.
- Enable the Reference ID to better track your users' submissions.
After you publish/share your form, any new changes to your GDPR form fields will cancel the consent.
Examples
Explain why you need their personal data
- This form collects your name and email address to keep track of [your activity].
- This form collects your email address so that we can add you to our newsletter list.
- The collected information is used for advertising purposes.
- The collected data will be used for research / to plan an event / to communicate with you.
Create a Privacy Policy
- I consent to allow my data to be used for […]
- I consent to receive newsletters about […]
- I agree to allow [company] to store and process my personal data.