Looking for a way to create GDPR-compliant forms to stay on the right side of the General Data Protection Regulation (GDPR)?
If you have any kind of form on your website, you’re collecting personal data directly from visitors. Since the GDPR concerns rules for protecting and using this kind of information, you’ll need to make sure your forms meet all the required criteria. Fortunately, this can be simple if you’re using the right contact form plugin.
A brief introduction to the GDPR
If you haven’t already heard of the General Data Protection Regulation (GDPR), it’s something you’ll want to familiarize yourself with. This EU-based regulation affects all sites that collect any data from visitors inside the EU – which includes just about every website.
In a nutshell, the GDPR was designed to give internet users more control over how their personal information is collected, stored, and used. To do so, it enforces rules for websites to follow, which includes the following:
- You need to know what data you’re collecting from visitors, and have methods in place for tracking and storing it safely (as well as notifying users in the event of a security breach).
- Website users have the right to know what data is being collected, along with how it’s being used and stored.
- Anyone you’ve collected data about also has the right to access a copy of it, and to request that it be permanently deleted.
This is just scratching the surface of what this regulation involves, of course. If you want to learn more, you can check out our complete guide to the GDPR over on the CodeinWP blog.
What it means for your WordPress forms to be GDPR-compliant
Based on the last two points above, it should be clear that the GDPR will affect the way your website’s forms are designed. You can’t simply ask for people’s names and email addresses – not anymore, anyway.
Instead, you’ll want to review all existing forms on your site to make sure they aren’t breaking any GDPR rules. In addition, you’ll need to know how to create GDPR-compliant forms in the future. This means:
- Clearly explaining what data you’re collecting and how it’s used.
- Asking for permission before storing submitted information in your site’s database.
- Letting users export or erase their data if they want to.
Exactly how you do this will vary, depending on how your forms were made. However, the simplest solution is to use a WordPress form plugin with GDPR-related features built in. You may even want to consider re-creating your forms with this type of plugin if yours doesn’t offer the right options. This will take a little time, but will be well worth the resulting peace of mind.
In the steps below, we’ll show you how to build GDPR-compliant forms using the WPForms plugin:
Current Version: 1.5.1
Last Updated: February 6, 2019
Along with enabling you to create customized and user-friendly forms on your WordPress site, this plugin provides a number of handy features to help you meet the GDPR’s requirements. Plus, it’s free to try out.
How to create GDPR-compliant forms on your WordPress site
Before we get started, we should offer a final caveat: We aren’t lawyers. What follows is some advice to help you create more GDPR-compliant forms. However, you’ll want to fully review the complete terms of the GDPR as well, and solicit legal advice if necessary.
With that out of the way, let’s jump right in!
For this tutorial, we’ll assume that you’ve already installed and activated the free WPForms plugin from WordPress.org.
Step 0: Clearly explain your data collection and storage methods
As we’ve explained, according to the GDPR you’ll need to let website visitors know what you’re doing with their data. The following three points are the most important. You need to clarify:
- What data you’re collecting.
- How this data is being used.
- The way you’re storing the data.
Step 1: Enable WPForms GDPR functionality
You can do this by going to WPForms → Settings and checking the box for GDPR Enhancements. Make sure to save your changes afterward:
Step 2: Create your form
Next, you’ll need to create your form. You can do this using the regular WPForms functionality.
First, go to WPForms → Add New and choose whether to use one of the pre-made templates or a blank slate:
Then, you can use WPForms’ drag-and-drop form builder interface to add new fields or modify existing ones:
Step 3: Add GDPR Agreement field
One of the features that you activated in Step 1 of this tutorial is WPForms’ GDPR Agreement field.
Once you’ve added all your regular form fields, you’ll want to add this field to the bottom of your form right above the Submit button.
It adds a required checkbox that people must fill out in order to submit your form:
To customize the wording visitors agree to, click on the GDPR Agreement field in the form builder to edit it. Then, adjust the agreement text as needed.
Using WPForms Pro? Consider these features
The free version of WPForms doesn’t store any form submissions in your site’s database, which makes it quite easy to create GDPR-compliant forms.
However, if you upgrade to WPForms Pro, it includes an option to store form submissions in your WordPress dashboard (as well as other information, like geolocation data).
Don’t worry, though – it’s still easy to create GDPR-compliant forms with the Pro version.
First off, you’ll get two new options in the settings area (WPForms → Settings) where you can configure whether to store user cookies or user details:
You can also configure these on a per-form basis.
When it comes to creating GDPR-compliant forms, your responsibilities don’t stop once data is collected, though. Users also have the right to get a copy of all the information you’ve collected, if they choose to do so. In addition, they need to be able to request that you delete their data.
The simplest way to provide these two options is by creating a separate form just for this purpose with an option for users to request their information.
Once a user submits a request for their data, you can use WPForms Pro’s Entries area to search for their information and share/delete it:
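For readers who build or maintain their own WordPress form handling rather than relying on a plugin, here is an added example (not WPForms’ code) of the same two duties in PHP: the consent checkbox from Step 3 is enforced on the server and recorded alongside each entry, and WordPress core’s personal-data exporter and eraser hooks serve the access and deletion requests just described. The `gdpr_form_entries` option, the field names and the function names are assumptions for illustration; only the two `wp_privacy_personal_data_*` filters are real WordPress core APIs.

```php
<?php
// Added example, not WPForms code (PHP 7.4+). Entries live in a hypothetical
// option 'gdpr_form_entries'; field and function names are assumptions.
const GDPR_AGREEMENT_TEXT = 'I consent to this site storing my submitted information.';
// Called by the form's submit handler. Enforce the consent checkbox on the server;
// the browser's "required" attribute is a convenience, not evidence of consent.
function gdpr_validate_submission(array $post): array {
    if (($post['gdpr_agreement'] ?? '') !== '1') {
        return ['ok' => false, 'error' => 'You must agree before submitting this form.'];
    }
    return ['ok' => true, 'entry' => [
        'email'        => sanitize_email($post['email'] ?? ''),
        'message'      => sanitize_textarea_field($post['message'] ?? ''),
        'consent_hash' => hash('sha256', GDPR_AGREEMENT_TEXT), // exact text agreed to
        'consent_at'   => gmdate('c'),                        // UTC time of consent
    ]];
}
// Right of access: feeds WordPress core's Tools > Export Personal Data screen.
add_filter('wp_privacy_personal_data_exporters', function (array $exporters): array {
    $exporters['gdpr-form-entries'] = [
        'exporter_friendly_name' => 'Contact form entries',
        'callback' => function (string $email): array {
            $items = [];
            foreach (get_option('gdpr_form_entries', []) as $id => $e) {
                if ($e['email'] !== $email) { continue; }
                $items[] = [
                    'group_id' => 'form-entries', 'group_label' => 'Form entries',
                    'item_id'  => "entry-{$id}",
                    'data'     => [['name' => 'Message',       'value' => $e['message']],
                                   ['name' => 'Consent given', 'value' => $e['consent_at']]],
                ];
            }
            return ['data' => $items, 'done' => true];
        },
    ];
    return $exporters;
});
// Right to erasure: feeds Tools > Erase Personal Data.
add_filter('wp_privacy_personal_data_erasers', function (array $erasers): array {
    $erasers['gdpr-form-entries'] = [
        'eraser_friendly_name' => 'Contact form entries',
        'callback' => function (string $email): array {
            $all  = get_option('gdpr_form_entries', []);
            $kept = array_values(array_filter($all, fn($e) => $e['email'] !== $email));
            update_option('gdpr_form_entries', $kept);
            return ['items_removed' => count($kept) < count($all), 'items_retained' => false, 'messages' => [], 'done' => true];
        },
    ];
    return $erasers;
});
```

Once registered, the site administrator can fulfil a visitor’s request from Tools → Export Personal Data or Tools → Erase Personal Data, and the stored `consent_hash` and `consent_at` values show which agreement text was accepted and when.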
New laws like the GDPR can seem intimidating at first glance. There are a lot of rules you’ll need to make sure to follow. Fortunately, the creators of many of your favorite website-building tools already know this. If you’re lucky, they’ll provide options to help you ensure compliance with the GDPR easily.
The WPForms plugin is a perfect example. It helps you create GDPR-compliant forms by giving you an easy way to add a GDPR agreement field. And if you use WPForms Pro to actually store form submissions in your site’s database, you’ll get additional features to help you keep your forms GDPR-compliant.