The GDPR is the European Union’s General Data Protection Regulation. Its purpose is to "harmonize data privacy laws across Europe, to protect and empower all EU residents’ data privacy, and to reshape the way organizations across the region approach data privacy for EU residents wherever they work in the world."

Forms are one of the most commonly used ways of collecting data online. If you are using forms on your website you should think about data privacy and GDPR consent from day one.

However, creating GDPR consent forms isn't as simple as checking things off a list. At every step, you need to think about user privacy, and how you collect and store their information.

The list below is not exhaustive but it's a good starting point towards making your forms GDPR compliant.

1. Obtain explicit permission

You can add a checkbox field to your GDPR form, which contains your terms of use or links to them. The field should be set to required, and not checked by default. This is an explicit way of asking for consent under GDPR.

GDPR forms: add a link to your terms and conditions
GDPR consent form field
GDPR forms: using explicit consent to collect data

2. Honor the right to be forgotten

An important aspect of GDPR consent forms is the Right to Erasure, or the Right to be Forgotten.

Even if your users give you explicit consent to store their data, they have the right to ask for the removal of that data.

You should give respondents a way to contact you in case they want their information erased. In FormCrafts, you can manually delete responses from the Responses page.

3. Collect what is needed

Fields can be marked as required. We recommend that optional fields not be marked as required, since this gives the respondent an option to opt-out.

Fields can contain instructions and sub-labels which allows you to be more precise with your goals.

Using field instruction tooltips to explain your data collection goals

We recommend not leaving the label field blank, even if it is hidden. it would be an obstacle for respondents using accessibility devices.

4. Disable auto-save form progress

A lot of form builders, including FormCrafts, allow you to enable the auto-save form progress option. When enabled this option periodically saves form progress, which comes in handy in case the user closes their browser window by mistake or another unforeseen circumstance.

Unlike most form builders, FormCrafts does not allow admins to view this form progress. This info is only available to the user filling out the form.

However, the user did not consent to their info being stored or saved. Simply filling out the form does not constitute as GDPR consent. We recommend users to turn off this option to be on the safe side, especially if their form responders are from the EU.