What's GDPR?
GDPR is a regulation that ensures greater transparency, access and control over the personal data of consumers, i.e., the respondents of your forms. Effective from 25th May 2018, it provides guidelines for secure data handling and data privacy for businesses that deal with EU-based customers. With form respondents having a greater say in how their data is collected and used, we are ensuring their fundamental right to have their personal data protected.
Why should you make your forms GDPR compliant?
Failure to comply with GDPR may carry a heavy price for you and your organization. Fines for noncompliance can range up to 20 million Euros (€20 million) or 4% of your organization's total worldwide annual turnover from the preceding year, whichever is higher.
The three essential roles
Under GDPR, the people interacting with form data fall into three categories.
Data subject
refers to the form respondents who fill and submit the forms.
Data controller
refers to you, the form maker or form admin. You determine the purposes and means of collecting and processing personal data.
Data processor
refers to us, Zoho Forms. We will process the data collected using the forms you create.
Best practices to make your forms GDPR compliant
Zoho Forms has devised several ways to make your forms GDPR compliant, from data collection and processing to managing data subject rights.
For data collection and data processing
Double opt-in for submissions
Double opt-in lets your form respondents confirm their form submission and also provide consent to being added to your mailing list.
Mark fields as Personal Fields
Marking fields as personal helps you treat any data that can be used to identify your form respondents with a higher degree of sensitivity.
Encrypt field data
Mark the fields of your choice that need to be encrypted at rest. This provides an added layer of security on top of Zoho Forms' built-in HTTPS protocol encryption, which protects data in transit.
For managing data subject rights
Right to be informed
Include a Terms and Conditions field
Right of access and data portability
Share a PDF of form response to the form respondent
Right to rectification
Enable editing of form responses
Right to be forgotten
Delete data submitted by form respondents if they request it
Right to restrict or object to processing
Apply a 'Do Not Process' state for the specified form response
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.
For more detailed information, check out our E-Book on GDPR compliance using Zoho Forms.