6 Steps to Build GDPR Compliant Forms

Is your business ready for GDPR? Do you even know what it is? GDPR, or the General Data Protection Regulation, is a new EU law that protects the personal data of all European citizens, no matter where in the world it is collected. That last part makes it, effectively, global. So if you collect data from a European Union citizen, you will need to be compliant with the GDPR rules.

Noncompliance will cost you four percent of global turnover, or €20 million ($30,561,400.00 CAD), whichever is greater. That’s a lot of money that most businesses cannot afford to lose. As a result, companies all over the world have been scrambling to make sure they’re GDPR compliant as soon as possible. Keep reading to learn what you can do to ensure your online forms aren’t going to get you in trouble.

1. Online Forms

Online forms can include payment forms, customer information sheets, newsletter subscription forms, and signup forms. All of these need to be compliant with the General Data Protection Regulation, because the GDPR requires that your EU subjects be granted specific rights. If you use online forms to collect their data, your business is affected. GDPR grants rights to users that you must comply with or face the consequences. Here are those rights, and what you can do to comply.

2. Right to Access

Data subjects must be able to ask for and receive confirmation that data is or isn’t being collected from them. If it is, it must be clearly specified what data, why, where, how, and what for. In addition, a copy of this data must be provided to the user in electronic format, for free, upon request.

3. Right to be Forgotten

Data subjects should be able to withdraw their consent and ask for permanent deletion of their personal data at the same time. GDPR also says that the data you collect cannot live forever, so any old data you’ve gathered has to expire and be deleted.

4. Right to Rectification

Data subjects should be able to ask for the correction of inaccurate personal data that concerns them, without any unreasonable delay.

5. Affected Forms

Basically, ALL forms are affected. If you have any forms that collect a person’s name, email, address, credit card info, or any other identifiable information about that person, it’s affected by GDPR. For example, an email subscription list is definitely affected, but an anonymous quiz is most likely not.

6. Making Forms Compliant

Now that you know a little more about GDPR, let’s talk about how to get your forms compliant with GDPR.

  • Use consent tick boxes. The data rule that will affect signup forms the most is that data cannot be used for any purpose other than the one stated when you collected it. This makes consent tick boxes of utmost importance.
  • Create a system so you can easily respond to form data requests. You must be able to search, view, modify, and delete any entries, as well as send a copy of that data to anyone who requests it.
  • Educate yourself and your team on GDPR data handling standards. Everyone should be on the same page regarding these rules and how you will follow them.
  • Ensure form security. You should take security seriously on all your forms, all the time. This includes turning on SSL for all your forms, using encryption on form fields, enabling the masking option to make sure sensitive data isn’t sent by email, using passwords on sensitive forms, and always knowing who has what access to which data.
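The four tips above, together with the rights in sections 2 to 4, describe a small amount of machinery that any form backend needs: consent recorded per purpose at submission time, a way to look up and export everything held about one person, a way to correct or erase it, and a retention clock so old entries expire. The following is an added example written for this article, not code from the original post or from any particular forms product; the class and field names, the use of the submitter's e-mail address as the subject key, and the 365-day default retention are all assumptions made for illustration.

```python
"""Added example (not from the original article): a minimal form-data store
that models the GDPR obligations discussed above. Names, fields and the
default retention period are illustrative assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


class ConsentError(Exception):
    """Raised when data would be used for a purpose the subject never ticked."""


@dataclass
class FormEntry:
    data: dict                 # the submitted fields (name, address, ...)
    purposes: set              # consent boxes the subject actually ticked
    collected_at: datetime     # when the form was submitted
    retention: timedelta       # how long the entry may be kept

    def expired(self, now: datetime) -> bool:
        return now >= self.collected_at + self.retention


class FormDataStore:
    """In-memory store keyed by the data subject's e-mail (an assumption)."""

    def __init__(self, retention_days: int = 365):
        self._entries: dict[str, FormEntry] = {}
        self.retention = timedelta(days=retention_days)

    @staticmethod
    def _key(email: str) -> str:
        return email.strip().lower()

    def submit(self, email: str, data: dict, consent_boxes: dict, now: datetime) -> None:
        """Store a submission; only ticked (True) consent boxes become purposes.
        A submission with no consent at all is rejected rather than stored."""
        purposes = {p for p, ticked in consent_boxes.items() if ticked}
        if not purposes:
            raise ConsentError("no consent given; nothing stored")
        self._entries[self._key(email)] = FormEntry(
            data=dict(data), purposes=purposes, collected_at=now, retention=self.retention
        )

    def use_for(self, email: str, purpose: str) -> dict:
        """Purpose limitation: hand out data only for a purpose that was ticked."""
        entry = self._entries.get(self._key(email))
        if entry is None or purpose not in entry.purposes:
            raise ConsentError(f"no consent on file for purpose {purpose!r}")
        return dict(entry.data)

    def access_request(self, email: str) -> dict:
        """Right to access: confirm whether data is held and return a copy of it,
        the purposes it was collected for, and when it will expire."""
        entry = self._entries.get(self._key(email))
        if entry is None:
            return {"held": False}
        return {
            "held": True,
            "data": dict(entry.data),
            "purposes": sorted(entry.purposes),
            "collected_at": entry.collected_at.isoformat(),
            "expires_at": (entry.collected_at + entry.retention).isoformat(),
        }

    def rectify(self, email: str, field: str, value) -> bool:
        """Right to rectification: correct one field of an existing entry."""
        entry = self._entries.get(self._key(email))
        if entry is None:
            return False
        entry.data[field] = value
        return True

    def erase(self, email: str) -> bool:
        """Right to be forgotten: delete the entry; True if something was removed."""
        return self._entries.pop(self._key(email), None) is not None

    def purge_expired(self, now: datetime) -> list[str]:
        """Retention: delete every entry older than its retention period and
        return the keys that were removed (for an audit log)."""
        gone = sorted(k for k, e in self._entries.items() if e.expired(now))
        for k in gone:
            del self._entries[k]
        return gone


if __name__ == "__main__":
    # Constructed sample submission, not real subject data.
    store = FormDataStore(retention_days=30)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store.submit("Ann@Example.com", {"name": "Ann"},
                 {"newsletter": True, "profiling": False}, t0)
    print(store.access_request("ann@example.com"))
    print(store.purge_expired(t0 + timedelta(days=31)))  # ['ann@example.com']
```

The important design choice is that consent is stored as a set of purposes next to the data, so `use_for` can refuse a purpose the subject never ticked even though the data itself is present; this is what makes the consent tick box enforceable rather than decorative. `purge_expired` is meant to be run on a schedule, and its return value is what you would write to an audit log so you can show what was deleted and when.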

Please note that these tips are not exhaustive, so please do consult a lawyer so you can understand the full impact this has on your collection, processing, and storage of user data.