GDPR Compliance Guide for Online Forms | Formstack
Maintain GDPR Compliance with Online Forms
Learn how to maintain GDPR compliance for online forms, collect opt-in consent, and create seamless erasure workflows across departments.


Introduction to GDPR

Disclaimer: This guide is not intended to serve as legal advice. If you’re working to comply with the GDPR, it’s up to you and your own legal counsel to determine how these privacy laws apply to your specific business.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows its citizens and residents to have access to and control over their personal data. This new law will affect organizations all over the world that do business with citizens and residents of the EU.

What does this mean for me?

If your business collects any information from citizens or residents of the EU, you’ll want to take a look at your data collection processes and make sure they are compliant with GDPR data protection laws. There are three main areas of your data collection process you’ll want to examine:

Right to Access

Under the new GDPR law, you'll need to be more transparent with the information you collect from users. If a user wants access to their information, you’ll need to provide an electronic version of their personal information, note where it's stored, and explain how it is being used.

Right to Be Forgotten

Users will also have the ability to request that their personal data be removed from your systems at any time. This means you’ll need to create a process that routes through all systems where personal information is stored and provide notice to the requestor that their information has been deleted.

When does GDPR go into effect?

The new GDPR law goes into effect on May 25, 2018. If you’re a little behind and need to get moving quickly, we’ve got your back. We’ve compiled some quick tips on how you can use Formstack to collect consent from users, store their data, and create a workflow process to execute on their right to be forgotten.

Let’s dive in!

Executing the Right to be Forgotten

The GDPR data protection law gives people the right to “be forgotten” or withdraw their consent at any time. To meet these requests, you need to put the proper withdrawal procedures in place. Withdrawing consent needs to be as simple and painless as possible. Ideally, your users should be able to withdraw their consent with the same method they used to give it. This means that if they used a form to opt in, they should also be able to use a form to opt out.

How to Create Seamless Erasure Workflows

Successfully deleting user data can be complicated if you don’t have a smooth process in place. With Formstack’s workflows feature, you can meet erasure needs quickly by setting up a workflow that moves across multiple departments. Each workflow step can be assigned to a different person, and after each step is completed, the workflow form is automatically routed to the next person so they can complete their part.

For example, you could create a workflow across marketing, sales, and product to ensure a person’s data is deleted across all your company systems. Here’s what that could look like:

Step 1: George submits an erasure request form. His submission kicks off a workflow that starts with Sara in marketing.

Step 2: Sara sees George’s request and deletes his data from the company’s marketing systems. She makes note of each system on the form and clicks submit.

Step 3: Tiffany from sales reviews Sara’s notes, deletes George’s data from the company’s sales systems, and adds her own notes to the form.

Step 4: The form finally moves to Jack in product, who completes a final review of the erasure process to ensure that George’s data has been removed from all systems.

Step 5: After all data is deleted, a confirmation email is sent to George letting him know that erasure is complete.

Keep in mind that this is only an example. You need to make sure your workflow is as thorough as possible to ensure erasure is successful. Discuss your erasure process with your team to identify who needs to delete data and where.

Get Ready for GDPR

Think you’re ready for the GDPR? Use the checklist below to make sure your forms and processes are compliant:

  • My GDPR consent forms are accessible and easy to understand.
  • My forms include a simple way to opt in to communication.
  • My forms do not have opt-in boxes already checked for users.
  • My forms let users know how their information will be used.
  • I use description fields to give users access to my privacy policy.
  • I collect the date and time of a user’s consent with my company.
  • I document how a user opted into consent with my company.
  • I’ve created an easy process that gives users access to their information.
  • I have an easy way for users to ask for their data to be removed.
  • I have a workflow process to delete user data from my systems.

If you’ve checked all of these boxes, congrats! You’re well on your way to GDPR compliance. If you’re still missing a couple of checkmarks, start a free trial of Formstack and use the knowledge you’ve gained to build forms and processes to complete your compliance.

This guide was prepared by Formstack, a versatile workflow acceleration platform that enables businesses of all types and sizes to remove complexity and get more work done. With Formstack, anyone can quickly and easily build custom forms, create documents, collect eSignatures, and automate workflows—all without code.

The platform offers multiple robust features, including conversion tools, 150+ integrations, and a native app for Salesforce. Whether you’re an operations director trying to maintain GDPR compliance or a marketing professional trying to improve your lead generation process, Formstack has the power and flexibility to help you succeed.
