GDPR and website contact forms – basic steps you need to take

One of the key principles of GDPR is informed consent, and one of the main changes you’ll probably need to make to your website ahead of the 25th May implementation date of GDPR is to add storage and processing consent check-boxes to your website contact forms.

Not just for marketing purposes

It’s important to note that this isn’t just where you’ll be collecting email addresses or other details to use for marketing purposes. GDPR requires you to get permission when you store and process data – such as saving a contact form to a database, or using the information provided by a customer through a contact form to respond to their message. So basically, all contact forms need a permissions check-box.

You can see an example of how we’ve implemented this on our contact us page or in the example below:

Privacy and data processing policies

You should also have a privacy policy that details the information you collect, why you collect it, who you share it with (if anyone) and how long you’ll keep it. You also need to include information on how your customers or visitors can request access to their data, and how they can request that you delete their information. We blogged about this recently.

Do you save contact form data in your website database?

If you store contact form data (names, email addresses and messages), it is considered personal information under GDPR and must be secured (or not saved at all!).

Getting compliant

If you need a hand making your contact forms (and website) GDPR compliant, get in touch. We’ll be happy to guide you through the process and help make the changes to your website.
