How do you set up forms in compliance with the GDPR? Let's take stock.
What to know before creating a form
The General Data Protection Regulation (GDPR) imposes transparency requirements on companies regarding the collection of personal data. Asking someone to fill out a form is direct data collection, so companies have an obligation of transparency towards the people who will provide their personal data.
Therefore, Internet users filling out a form should be able to:
- Know the reason for the collection of the various data concerning them,
- Understand the processing that will be carried out on their data,
- Control their data, through easier exercise of their rights, for example by requesting the rectification of their data or even its complete erasure.
Good to know: the CNIL has published a help page on the use of clearer terms for the general public in order to help organizations simplify the technical terms of the GDPR and thus make it easier for most internet users to understand.
The rules to know for a GDPR compliant form
Natural persons must be informed of the processing of their data “in a concise, transparent, understandable and easily accessible manner, in clear and simple terms” when they fill out the form (not after).
According to the CNIL, the information that must be accessible when filling out a form is as follows:
- Identity and contact details of the organization (this is the data controller),
- Purpose of data processing (your objectives for this collection),
- Legal basis for data processing,
- Mandatory or optional nature of data collection,
- Recipients or categories of recipients of the data,
- Data retention period,
- Rights of natural persons (rights of access, rectification, erasure, etc.),
- Contact details of the organization’s data protection officer (DPO) or personal data protection contact point,
- The possibility of lodging a complaint with the CNIL.
For an online form, one option is to display a sentence that mentions the processing of personal data, with a clickable link to a dedicated page where all the mandatory information is listed.
Good to know: You can use online tools to help you create your forms. These offer ready-to-use templates that you can customize with no technical skills required.
Two examples of personal data collection forms
The CNIL offers two ways to display the requested information:
- Display the minimum information on the collection medium.
- Display all the minimum information on two different media (a first level of information on the questionnaire, then a second level of information in addition to the questionnaire).