Iubenda logo
Start generating


Table of Contents

How to create GDPR compliant forms

If your business is based in Europe, or you process the personal data of individuals in Europe, the GDPR affects you. When relying on consent as your legal basis for processing, the GDPR says the consent has to be freely given, specific, informed, and unambiguous.

Let’s see how you can make sure you’re earning consent in the right way with these actionable tips and form examples.

Use clear and straightforward language

If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent. Avoid complex phrasing when explaining reasons for consent: specify why you want the data and what you’re going to do with it in “plain English”.

Give the name of your company

Don’t forget to clearly name your organization and any third parties relying on the user’s consent. 

Avoid pre-ticked checkboxes

Your mechanism for acquiring consent must involve a clear affirmative action: pre-ticked checkboxes or any other type of consent by default are not allowed.

GDPR form - Avoid pre-ticked checkboxes

Separate consent requests from terms and conditions

Consent should be specific to a particular activity in order to be considered valid: when you ask for consent, this needs to be separate from other terms and conditions.

GDPR form - Separate consent requests from terms and conditions

Make it easy to withdraw consent

Users have the right to withdraw their consent at any time and you should clearly tell them where and how to do it without detriment. Never hide your unsubscribe button.

GDPR form - Make it easy to withdraw consent
Looking for a simple and compliant way to manage consent for newsletter subscriptions?

Try our Newsletter Opt-in Booster 👉 it adds a customizable signup form to your site, allowing you to collect and manage consent through a double opt-in process for a more engaged and responsive audience.

Activate now

Keep valid records of the consent collected

GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. Without these records, the consent you collect is considered invalid. Your records of consent should include:

  • when and how consent was acquired from the individual user;
  • exactly what the user was told at the time; and
  • which conditions/legal documents were applicable at the time at which the consent was acquired.

Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Collect GDPR consent for your forms

Explore our Consent Database

See also