Iubenda logo
Start generating

Documentation

Table of Contents

How to create GDPR compliant forms

If your business is based in the EU, or you process the personal data of individuals in the European Union, the GDPR affects you. When relying on consent as your legal basis for processing, the GDPR says the consent has to be freely given, specific, informed, and unambiguous.

Let’s see how you can make sure you’re earning consent in the right way with these actionable tips and form examples.

Use clear and straightforward language

If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent. Avoid complex phrasing when explaining reasons for consent: specify why you want the data and what you’re going to do with it in “plain English”.

Give the name of your company

Don’t forget to clearly name your organization and any third parties relying on the user’s consent. 

Avoid pre-ticked checkboxes

Your mechanism for acquiring consent must involve a clear affirmative action: pre-ticked checkboxes or any other type of consent by default are not allowed.

GDPR form - Avoid pre-ticked checkboxes

Separate consent requests from terms and conditions

Consent should be specific to a particular activity in order to be considered valid: when you ask for consent, this needs to be separate from other terms and conditions.

GDPR form - Separate consent requests from terms and conditions

Make it easy to withdraw consent

Users have the right to withdraw their consent at any time and you should clearly tell them where and how to do it without detriment. Never hide your unsubscribe button.

GDPR form - Make it easy to withdraw consent

Keep valid records of the consent collected

GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. Without these records, the consent you collect is considered invalid. Your records of consent should include:

  • when and how consent was acquired from the individual user;
  • exactly what the user was told at the time; and
  • which conditions/legal documents were applicable at the time at which the consent was acquired.

Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Collect GDPR consent for your forms

Explore our Consent Solution

See also