GDPR: This is how contact forms have to be designed
Contact forms are often the easiest way for customers to get in touch with a company. This practical tip shows you how you should implement them in accordance with the GDPR.
Implement the contact form in accordance with the GDPR - how it works
With contact forms, there are a number of things that you, as the website operator, have to pay attention to.
- First of all, consider which data you actually need to request via the form. The principle of data minimisation (data economy) applies here: you may only ask for data that is strictly necessary to answer the enquiry. As a rule, that is just the name and email address; excessive mandatory information is not permitted. You may of course offer additional fields for other data, but these must not be mandatory fields, and the customer must be able to see clearly which fields are required.
- Form data is bound to a specific purpose. In practice, this means that you may initially use the data you receive only to answer the enquiry, not, for example, to sign the customer up for a newsletter.
- It is also important that the page containing the contact form is transmitted over an SSL-encrypted connection. Otherwise, the submitted information could easily be read by third parties.
- A data protection declaration (privacy policy) is mandatory in any case, but you should link to it again directly from the contact form. In general, the declaration should be easy to find, and it must state what the data entered in the form is used for.
In the next practical tip, you will find out what else you need to pay attention to in order to make your website GDPR compliant.