SmartSimple Blog

How To Make Your Website Forms GDPR-Compliant

Posted by Stirling Myles on May 9, 2018 8:00:00 AM



Are your website forms GDPR-compliant? Make sure your data collection processes are ready for the upcoming EU legislation with this checklist.

The General Data Protection Regulation (GDPR) is fast-approaching on May 25, 2018, and it’s imperative to make sure all of your services and processes are compliant. If you haven’t heard about the GDPR yet, get acquainted here and see if and how you are affected by the new legislation.

Your web page forms are usually the first point of contact and the place where most personal data is collected. Therefore, it’s vital that web page forms are GDPR-compliant every step of the of the way from collection to reporting.

We’ve created a checklist of best practices to help you make your website forms GDPR-compliant.

1. Data

Start by specifying what kind of data you want, why you want it, and how it’s presented when you collect it.

  • Define what data you will be collecting

  • List out all of the questions you’re going to ask in your website form

  • When designing your form and questions, make privacy your guiding priority.



2. Data Mapping

Mapping out all the touchpoints and steps in your data processing cycle will prepare you to be audit-ready.

  • Lay out the following information concerning the data you’re collecting:

    • Who the data was collected from

    • Where the data was collected

    • If the data subject is over the age of 13

    • What your purposes are for collecting the data information

    • Where you plan on storing the data information

    • Who will have access to the data information

    • What category of personal data it is

    • If the data information is sensitive

    • How long you hold the data information for



3. Define Your Process

Having detailed documentation around your process enables you to detect the points that aren’t GDPR-compliant easier.

  • Make sure your internal processes are transparent and fully auditable

  • Make sure the Data Map is the point of reference

4. Communicate

Clearly communicating your compliance with GDPR to your audience within every step of the data collection process is key. Providing transparent information about your use of collected data for everyone to fully consent with giving their personal data is required by GDPR.

  • Article 13 of the GDPR sets out what you information you need to provide at the point of data collection (i.e. website form)

  • Include the GDPR policies on each data entry field

  • Let your audience know exactly why you need their information and what you’re going to do with it

  • Write everything out in clear and accessible language



5. Finishing the Form

Make sure that your audience knows about their data rights at the specific point of data submission. This will ensure their data rights and full consent to the collection of their personal data submission as required by GDPR.

  • Make sure the consent is opt-in

  • Link to your organization’s Privacy Policy, a place where they can manage their consent settings, and where it is easy to withdraw their consent.

  • Provide a well-monitored email where your audience and contact you with questions and about their data information

For more information about how you can prepare for the GDPR, visit our “How to Prepare for the General Data Protection Regulation (GDPR)” blog.


Topics: Compliance, GDPR, SmartSimple Cloud platform