How To Make Your Website Forms GDPR-Compliant
Are your website forms GDPR-compliant? Make sure your data collection processes are ready for the upcoming EU legislation with this checklist.
The General Data Protection Regulation (GDPR) is fast-approaching on May 25, 2018, and it’s imperative to make sure all of your services and processes are compliant. If you haven’t heard about the GDPR yet, get acquainted here and see if and how you are affected by the new legislation.
Your web page forms are usually the first point of contact and the place where most personal data is collected. It is therefore vital that your web page forms are GDPR-compliant at every step of the way, from collection to reporting.
We’ve created a checklist of best practices to help you make your website forms GDPR-compliant.
1. Specify Your Data
Start by specifying what kind of data you want, why you want it, and how it is presented when you collect it.
Define what data you will be collecting
List out all of the questions you are going to ask in your website form
When designing your form and its questions, make privacy your guiding priority
2. Data Mapping
Mapping out every touchpoint and step in your data processing cycle prepares you to be audit-ready.
Lay out the following information concerning the data you’re collecting:
Who the data was collected from
Where the data was collected
If the data subject is over the age of 13
What your purposes are for collecting the data
Where you plan on storing the data
Who will have access to the data
What category of personal data it is
Whether the data is sensitive
How long you will hold the data for
3. Define Your Process
Having detailed documentation of your process makes it easier to detect the points that are not GDPR-compliant.
Make sure your internal processes are transparent and fully auditable
Make sure the Data Map is the point of reference
4. Communicate Your Compliance
Clearly communicating your GDPR compliance to your audience at every step of the data collection process is key. GDPR requires you to provide transparent information about how you will use the collected data, so that everyone can give fully informed consent before handing over their personal data.
Article 13 of the GDPR sets out what information you need to provide at the point of data collection (i.e. the website form)
Include the GDPR policies on each data entry field
Let your audience know exactly why you need their information and what you are going to do with it
Write everything out in clear and accessible language
5. Finishing the Form
Make sure that your audience knows about their data rights at the specific point of data submission. This ensures their data rights are respected and that they give full consent to the collection of the personal data they submit, as required by GDPR.
Make sure the consent is opt-in
Provide a well-monitored email address where your audience can contact you with questions about their data
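The two checklist items above (opt-in consent, and a contact address for data questions) can be enforced in the form handler rather than left to good intentions. The following is an added example, not code from the original article: a small Node.js module with a lint check that flags a pre-ticked consent checkbox in the form markup, and a server-side validator that rejects any submission lacking an explicit "yes" consent value and otherwise builds a consent record (who, when, which purposes, which version of the privacy notice, where to ask questions). The field names, purpose list, notice version and mailbox are assumptions made for illustration.

```javascript
// Added example, not code from the original article. Field names, the purpose
// list, the notice version and the contact mailbox are assumptions for illustration.
const PRIVACY_NOTICE_VERSION = "example-v1";   // assumed: version of the notice shown on the form
const CONTACT_EMAIL = "privacy@example.com";    // assumed: monitored mailbox for data questions

// Purposes offered on the form, each described in plain language (Article 13 information).
const PURPOSES = {
  newsletter: "Send you our monthly newsletter by email",
  support: "Reply to the question you submitted through this form",
};

// The consent field as it should appear in the form: unticked by default, carrying an
// explicit value, with the purpose stated next to it. (Constructed sample markup.)
const CONSENT_FIELD_HTML =
  '<label><input type="checkbox" name="consent" value="yes"> ' +
  "I agree that my data is used for the purposes selected above. " +
  `Questions: ${CONTACT_EMAIL}</label>`;

// Lint check for form markup: a consent checkbox must not be pre-ticked, otherwise
// consent is not an opt-in action. Returns true when a pre-ticked consent box is found.
function hasPreTickedConsent(html) {
  const inputs = html.match(/<input\b[^>]*>/gi) || [];
  return inputs.some(
    (tag) => /\bname=["']consent["']/i.test(tag) && /\bchecked\b/i.test(tag)
  );
}

// Validate one submitted form body (already parsed from the request) and, if it is
// acceptable, build the consent record to store alongside the submitted data.
function processSubmission(body, now = new Date()) {
  const errors = [];
  if (typeof body.email !== "string" || !/^[^\s@]+@[^\s@]+$/.test(body.email)) {
    errors.push("a valid email address is required");
  }
  // Consent is only valid as an explicit affirmative action. The checkbox carries
  // value="yes"; an absent field (box left unticked) or any other value is a refusal.
  if (body.consent !== "yes") {
    errors.push("explicit opt-in consent is required");
  }
  const requested = Array.isArray(body.purposes)
    ? body.purposes
    : [body.purposes].filter(Boolean);
  // Only purposes that were actually described on the form may be recorded;
  // hasOwnProperty avoids accepting inherited names such as "toString".
  const unknown = requested.filter(
    (p) => typeof p !== "string" || !Object.prototype.hasOwnProperty.call(PURPOSES, p)
  );
  if (requested.length === 0) errors.push("at least one purpose must be selected");
  if (unknown.length > 0) errors.push(`unknown purpose(s): ${unknown.join(", ")}`);
  if (errors.length > 0) return { ok: false, errors };

  return {
    ok: true,
    record: {
      subject: body.email,
      consentTimestamp: now.toISOString(),
      noticeVersion: PRIVACY_NOTICE_VERSION,
      purposes: requested.map((id) => ({ id, description: PURPOSES[id] })),
      contactForQuestions: CONTACT_EMAIL,
    },
  };
}

// Stand-alone demonstration with constructed submissions.
if (typeof require !== "undefined" && require.main === module) {
  console.log("markup pre-ticked:", hasPreTickedConsent(CONSENT_FIELD_HTML));
  console.log(processSubmission({ email: "reader@example.com", consent: "yes", purposes: "newsletter" }));
  console.log(processSubmission({ email: "reader@example.com", purposes: ["newsletter"] }));
}

module.exports = { hasPreTickedConsent, processSubmission, CONSENT_FIELD_HTML, PURPOSES };
```

The consent record is what you would show an auditor: it ties the submission to the exact notice version the person saw and the purposes they ticked, and the validator never infers consent from a missing field. The markup lint is a cheap guard against a designer re-adding `checked` to the box later.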
For more information about how you can prepare for the GDPR, visit our “How to Prepare for the General Data Protection Regulation (GDPR)” blog.