As of May 2018, the General Data Protection Regulation (GDPR) will come into effect and I am wondering how best to comply with this when implementing a simple contact form.
The form, let's say, requires the person's name, email, and has an optional telephone and message field. The form data is then sent to an email address, as well as being stored in a database.
I understand that we must:
Whilst these steps are ok, I have also read that we are obliged to confirm the user's identity - the suggested method is a double opt-in. Surely this can't apply to a contact form?
So in summary, what should be done to allow users to fill out the form, but for us to comply with the new regulations?