How to Create GDPR Consent Forms?
The GDPR is the European Union’s General Data Protection Regulation. Its purpose is to "harmonize data privacy laws across Europe, to protect and empower all EU residents’ data privacy, and to reshape the way organizations across the region approach data privacy for EU residents wherever they work in the world."
Forms are one of the most commonly used ways of collecting data online. If you are using forms on your website you should think about data privacy and GDPR consent from day one.
However, creating GDPR consent forms isn't as simple as checking things off a list. At every step, you need to think about user privacy, and how you collect and store their information.
The list below is not exhaustive but it's a good starting point towards making your forms GDPR compliant.
1. Obtain explicit permission
2. Honor the right to be forgotten
An important aspect of GDPR consent forms is the Right to Erasure, or the Right to be Forgotten.
Even if your users give you explicit consent to store their data, they have the right to ask for the removal of that data.
You should give respondents a way to contact you in case they want their information erased. In FormCrafts, you can manually delete responses from the Responses page.
3. Collect what is needed
Fields can be marked as required. We recommend that optional fields not be marked as required, since this gives the respondent an option to opt-out.
Fields can contain instructions and sub-labels which allows you to be more precise with your goals.
We recommend not leaving the label field blank, even if it is hidden. it would be an obstacle for respondents using accessibility devices.
4. Disable auto-save form progress
A lot of form builders, including FormCrafts, allow you to enable the auto-save form progress option. When enabled this option periodically saves form progress, which comes in handy in case the user closes their browser window by mistake or another unforeseen circumstance.
Unlike most form builders, FormCrafts does not allow admins to view this form progress. This info is only available to the user filling out the form.
However, the user did not consent to their info being stored or saved. Simply filling out the form does not constitute as GDPR consent. We recommend users to turn off this option to be on the safe side, especially if their form responders are from the EU.