Iubenda logo


Table of Contents

GDPR consent forms examples – What to do and not to do

GDPR requires that organizations have a lawful basis for processing data. One such basis is consent, which according to the GDPR has to be explicit and freely given. This means that the mechanism for acquiring consent must be unambiguous and involve a clear affirmative action.

While you shouldn’t ask for consent if you’re carrying out a core service or process personal data by law, you should ask for it when you’re offering a non-essential service, like sending marketing emails and newsletters.

Let’s see how you can make sure you’re earning consent in the right way with these actionable tips and form examples.

Be transparent with your GDPR consent requests

Avoid complex phrasing when explaining reasons for consent: specify why you want the data and what you’re going to do with it in “plain English”. Also, don’t forget to clearly name your organization and any third parties relying on the user’s consent. 

Don’t use pre-ticked checkboxes

Ask users to positively opt-in, because pre-ticked checkboxes or any other type of consent by default are not allowed. 

GDPR form example - Consenting action must be explicit and verifiable

Speaking of opt-in: the safest way to handle a mailing list is the double opt-in, a process that includes two steps. In step 1 potential subscribers fill out and submit your form. In step 2 they’ll receive a confirmation email and click a link to verify their email, which is added to your mailing list. This method of registration is considered best practice in many countries, especially Germany and in the EU.

Separate consent requests from terms and conditions

Agreeing to terms and conditions and giving consent to various activities are not the same thing: make them easily distinguishable from each other and provide individual opt-ins for consent.

GDPR form example - Multiple consents

Give granular options

Allow customers to consent to independent processing operations. Help the user to have full control of their consents and permissions by creating an overview of each activity you need.

GDPR form example - Granular options

Make it easy to withdraw consent

Users have the right to withdraw their consent at any time and you should clearly tell them where and how to do it without detriment. As a consequence, consent doesn’t have to be a precondition of a service.

GDPR form example - Withdraw consent

When you don’t need checkboxes

Checkboxes are necessary when you are trying to get consent for separate things, but they’re not required where the purpose of the sign-up mechanism is unequivocal. So for example, in a scenario where your site has a pop-up window that invites users to sign up to your newsletter using a clear phrase such as: “Subscribe to our newsletter for access to discount vouchers and product updates!“, the affirmative action that the user performs by typing in their email address would be considered valid consent.

How iubenda can help with GDPR requirements for your forms

GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. It means that you must be able to provide proof of when and how you got consent and what they were told at the time.

Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.

Collect GDPR consent for your forms

Explore our Consent Solution

Free Intro to Online Compliance course

This 5 part email course teaches you the online compliance basics, in an easy-to-understand and approachable way. Sign up below.

No strings attached. Unsubscribe anytime.

About us


Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.


See also