GDPR compliant contact form

by Alex Holsgrove   Last Updated November 14, 2017 15:04 PM

As of May 2018, the General Data Protection Regulation (GDPR) will come into affect and I am wondering how best to comply with this when implementing a simple contact form.

The form, lets say, requires the person's name, email, and has an optional telephone and message field. The form data is then sent to an email address, as well as being stored in a database.

I understand that we must:

  • Explain what personal information is being used for any why
  • Give the user a means to easily see the data that is being held
  • Give the user the option to remove this data.

Whilst these steps are ok, I have also read that we are obliged to confirm the user's identity - the suggested method is a double opt-in. Surely this can't apply to a contact form?

So in summary, what should be done to allos user to fill out the form, but for us to comply with the new regulations?

Tags : compliance


Related Questions