Iubenda logo
Start generating

Documentation

Table of Contents

How to create a GDPR contact form

What is a GDPR contact form and how do you go about creating one? In this post, we’ll show you step by step, the best way to create a contact form that’s compliant with the GDPR.

Under the GDPR, consent is one of the most frequently used and well known legal bases for processing user data, however, for consent to be considered valid, it must be collected under specific conditions. Because contact forms are generally used as a means of collecting users’ consent for being contacted, contact forms are subject to GDPR consent rules.

Here’s how to create a GDPR contact form:

Step 1: Use clear and straightforward language on your forms

The GDPR requires transparency and only considers informed, freely given, specific consent to be valid. If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent.

Step 2: Give granular options for consent

Consent should be specific to a particular activity/ purpose in order to be considered valid. See the examples below:

GDPR specific consent form example
GDPR granular consent form example

Step 3: Give the user the ability to opt-in

Under the GDPR, consent must be freely given via an unambiguous action. Mechanisms like pre-checked boxes are forbidden.

GDPR opt-in forms
🔎
Looking for a simple and compliant way to manage consent for newsletter subscriptions?

Try our Newsletter Opt-in Booster 👉 it adds a customizable signup form to your site, allowing you to collect and manage consent through a double opt-in process for a more engaged and responsive audience.

Activate now

Step 4: Keep up-to-date records of the consents you’ve collected

Consent is a very important issue under the GDPR, such that it’s mandatory that you’re able to demonstrate that the user has given valid consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

Here’s what how to keep compliant records vs non-compliant records:

Non-compliant Record Keeping Compliant Record Keeping
Simply keeping a spreadsheet with customer names and whether or not consent was provided Ensuring that you keep a copy of the customer’s signed and dated form which shows the action taken by the customer to provide their consent to the specific processing.
Simply keeping the time and date of consent linked to an IP address, with a web link to your current data-capture form and privacy policy.Keeping comprehensive records that include a user ID and the data submitted together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use on that date.

Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It allows you to record every aspect of consent (including the legal or privacy notice and the consent form that the user was presented with at the time of consent collection) and the related preferences expressed by the user.

To use, simply activate the Consent Database and get the API key, then install via HTTP API or JS widget and you’re done; you’ll be able to retrieve consents at any time and keep them updated.

Wistia video thumbnail

For a list of the full features of the Consent Database click here or start generating below.

Keep valid GDPR consent records for your forms

Explore our Consent Database

About us

iubenda

Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

www.iubenda.com

See also