Make your forms GDPR compliant with Zoho Forms

With the EU introducing the GDPR (General Data Protection Regulation), data privacy has taken center stage for organizations across the globe. Zoho Forms is ready with what it takes to make GDPR compliant forms.

For more detailed information, check out our E-Book on GDPR compliance using Zoho Forms. 

Read our Free EBook

What's GDPR?

GDPR is a regulation that ensures higher transparency, access and control of personal data of consumers i.e. respondents of your forms. Effective starting 25th May 2018, it provides guidelines for secure data handling and data privacy for businesses that deal with EU-based customers. With form respondents having a greater say in how their data is collected and used, we are ensuring their fundamental right to have their personal data protected.

Why should you make your forms GDPR compliant?

Failure to comply with GDPR may carry a heavy price for you and your organization. Fines for noncompliance can range up to 20 million Euros (€20 million) or 4% of your organization's total worldwide annual turnover from the preceding year, whichever may be higher.  

The three essential roles

Under GDPR, the people interacting with form data fall into three categories.

  • Data Subject

    refers to the form respondents who fill and submit the forms.

  • Data controller

    refers to you, the form maker or form admin. You determine the purposes and means of collecting and processing personal data.

  • Data processor

    refers to us, Zoho Forms. We will process the data collected using the forms you create.

Best practices to make your forms GDPR compliant

Zoho Forms has devised several ways to make your forms GDPR compliant, from data collection and processing to managing data subject rights.

For data collection and data processing


    Double opt-in for submissions

    Double opt-in lets your form respondents to confirm their form submission and also provide consent for being added to your mailing list.


    Mark fields as Personal Fields

    Fields marked as personal help you treat any data which can be used to identify your form respondents with a higher degree of sensitivity.


    Encrypt field data

    Mark fields of your choice that need to be encrypted at rest and provide an added layer of security along with Zoho Forms' built-in HTTPS protocol encryption.

For managing data subject rights


    Right to be informed

    Include a Terms and Conditions field


    Right of access and data portability

    Share a PDF of form response to the form respondent


    Right to rectification

    Enable editing of form responses


    Right to be forgotten

    Delete data submitted by form respondents if they request it


    Right to restrict or object to processing

    Apply a 'Do Not Process' state for the specified form response

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.

For more detailed information, check out our E-Book on GDPR compliance using Zoho Forms.

Read our Free EBook