
As of May 2018, the General Data Protection Regulation (GDPR) will come into effect and I am wondering how best to comply with this when implementing a simple contact form.

The form, let's say, requires the person's name, email, and has an optional telephone and message field. The form data is then sent to an email address, as well as being stored in a database.

I understand that we must:

  • Explain what personal information is being used for and why
  • Give the user a means to easily see the data that is being held
  • Give the user the option to remove this data.

Whilst these steps are ok, I have also read that we are obliged to confirm the user's identity - the suggested method is a double opt-in. Surely this can't apply to a contact form?

So in summary, what should be done to allow the user to fill out the form, but for us to comply with the new regulations?

Maximillian Laumeister

1 Answer

Your question is two-fold:

  1. How to save information entered through a form on your website
  2. How to delete information entered through a form on your website

Say someone enters a name, email and data into your form. Since that data is personally identifiable information, you must make sure that this data can be deleted by the person owning that data. To do that, you could double opt-in and then save the data permanently.

Not always is the entered information correct. I could be a jack and just enter my neighbour's information...

So whenever someone asks for all stored information or deletion of data, you have a verified email address you can tie that request to.

David K.
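The flow the answer describes, as an added worked example (this is not code from the answer's author or from any project; it is written to illustrate the idea): a submission is held only as pending until the address owner clicks a confirmation link, unconfirmed submissions are purged rather than kept, and a later "show me my data" or "delete my data" request is honoured only through a fresh single-use token mailed to that same verified address. The in-memory store, the outbox list standing in for the mailer, and the 24-hour / 1-hour lifetimes are assumptions chosen for the example, not values from the post.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values (not from the original post).
CONFIRM_TTL = 24 * 3600   # unconfirmed submissions are dropped after 24 hours
REQUEST_TTL = 60 * 60     # access / erasure links are valid for one hour


def _digest(token: str) -> str:
    # Only a hash of the token is stored, so a leaked database row is not a usable link.
    return hashlib.sha256(token.encode()).hexdigest()


class ContactStore:
    """In-memory stand-in for the database plus an outbox standing in for the mailer."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so expiry can be exercised in tests
        self.pending = {}         # email -> {"data", "token_hash", "expires"}
        self.confirmed = {}       # email -> list of confirmed submissions
        self.requests = {}        # email -> {"action", "token_hash", "expires"}
        self.outbox = []          # (recipient, purpose, token) the mailer would send

    def _issue(self, table, email, purpose, ttl, **fields):
        # Fresh random token per action; a new submission for the same address
        # simply replaces any earlier pending one.
        token = secrets.token_urlsafe(32)
        table[email] = {"token_hash": _digest(token), "expires": self.clock() + ttl, **fields}
        self.outbox.append((email, purpose, token))

    def _redeem(self, table, email, token):
        # Validates expiry and token in constant time; a valid token is single use.
        entry = table.get(email)
        if entry is None:
            return None
        if self.clock() > entry["expires"]:
            del table[email]
            return None
        if not hmac.compare_digest(entry["token_hash"], _digest(token)):
            return None
        del table[email]
        return entry

    def submit(self, name, email, message, phone=None):
        """Form handler: hold the submission as pending and mail a confirmation link."""
        email = email.strip().lower()
        data = {"name": name, "email": email, "message": message, "phone": phone}
        self._issue(self.pending, email, "confirm", CONFIRM_TTL, data=data)

    def confirm(self, email, token):
        """Confirmation link: only now does the data become permanent (and get forwarded)."""
        entry = self._redeem(self.pending, email.strip().lower(), token)
        if entry is None:
            return False
        self.confirmed.setdefault(entry["data"]["email"], []).append(entry["data"])
        return True

    def purge_expired(self):
        """Periodic job: unconfirmed submissions are deleted, never promoted."""
        now = self.clock()
        stale = [e for e, v in self.pending.items() if now > v["expires"]]
        for e in stale:
            del self.pending[e]
        return len(stale)

    def request(self, email, action):
        """'Show my data' / 'delete my data': same reply either way, link mailed only if the address is known."""
        email = email.strip().lower()
        if email in self.confirmed:
            self._issue(self.requests, email, action, REQUEST_TTL, action=action)
        return "If we hold data for this address, a link has been sent to it."

    def fulfil(self, email, token):
        """Link from request(): proof that the requester controls the verified address."""
        email = email.strip().lower()
        entry = self._redeem(self.requests, email, token)
        if entry is None:
            return None
        if entry["action"] == "erase":
            self.confirmed.pop(email, None)
            return {"erased": True}
        return {"records": list(self.confirmed.get(email, []))}


if __name__ == "__main__":
    store = ContactStore()
    store.submit("Alice", "Alice@Example.com", "hello", "555-1234")   # constructed input
    _, _, token = store.outbox[-1]                                     # what the mail would carry
    print("confirmed:", store.confirm("alice@example.com", token))
    print(store.request("alice@example.com", "access"))
    _, _, token = store.outbox[-1]
    print(store.fulfil("alice@example.com", token))
```

Two points the code makes that the prose leaves implicit: the copy of the message that goes to the site's own inbox should be sent from `confirm()`, not from `submit()`, so an address typed in by someone else never causes mail about that person to be stored anywhere; and `request()` returns the same text whether or not the address is on file, so the request form cannot be used to test which addresses are held.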