Iubenda logo
Start generating

Documentation

Table of Contents

How to create a GDPR contact form

What is a GDPR contact form and how do you go about creating one? In this post, we’ll show you step by step, the best way to create a contact form that’s compliant with the GDPR.

Under the GDPR, consent is one of the most frequently used and well known legal bases for processing user data, however, for consent to be considered valid, it must be collected under specific conditions. Because contact forms are generally used as a means of collecting users’ consent for being contacted, contact forms are subject to GDPR consent rules.

Here’s how to create a GDPR contact form:

Step 1: Use clear and straightforward language on your forms

The GDPR requires transparency and only considers informed, freely given, specific consent to be valid. If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent.

Step 2: Give granular options for consent

Consent should be specific to a particular activity/ purpose in order to be considered valid. See the examples below:

GDPR specific consent form example
GDPR granular consent form example

Step 3: Give the user the ability to opt-in

Under the GDPR, consent must be freely given via an unambiguous action. Mechanisms like pre-checked boxes are forbidden.

GDPR opt-in forms

Step 4: Keep up-to-date records of the consents you’ve collected

Consent is a very important issue under the GDPR, such that it’s mandatory that you’re able to demonstrate that the user has given valid consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

Here’s what how to keep compliant records vs non-compliant records:

Non-compliant Record Keeping Compliant Record Keeping
Simply keeping a spreadsheet with customer names and whether or not consent was provided Ensuring that you keep a copy of the customer’s signed and dated form which shows the action taken by the customer to provide their consent to the specific processing.
Simply keeping the time and date of consent linked to an IP address, with a web link to your current data-capture form and privacy policy.Keeping comprehensive records that include a user ID and the data submitted together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use on that date.

Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It allows you to record every aspect of consent (including the legal or privacy notice and the consent form that the user was presented with at the time of consent collection) and the related preferences expressed by the user.

To use, simply activate the Consent Solution and get the API key, then install via HTTP API or JS widget and you’re done; you’ll be able to retrieve consents at any time and keep them updated.

Wistia video thumbnail

For a list of the full features of the Consent Solution click here or start generating below.

Keep valid GDPR consent records for your forms

Explore our Consent Solution

Everything you need to know about
compliance in one course!

In our free Intro to Online Compliance email course you’ll learn:

  • Online Compliance basics
  • Which laws apply to you
  • How to comply

This easy-to-understand course is suitable
for all knowledge levels.

Sign up for the 7-part series below.

No strings attached. Unsubscribe anytime.
We won’t send you any emails other than the course, unless you later sign up for more.
For further details, review our Privacy Policy.

About us

iubenda

Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

www.iubenda.com

See also