Understanding GDPR

GDPR is an EU regulation designed to give individuals, including the respondents who fill out your forms, transparency, access, and control over their personal data. It sets out rules for secure data handling and privacy protection that apply to businesses interacting with people in the EU. By ensuring that form respondents have a greater say in how their data is collected and used, Zoho Forms upholds their fundamental right to data protection.

Why GDPR compliance matters for your online forms

Stay Legal

Avoid hefty fines of up to 20 million euros or 4% of annual global turnover, whichever is higher

Build Trust

Show users you prioritize their data protection

Reduce Risk

Minimize potential data breaches and protect your reputation


Clearly communicate how user data is used.

Uphold Rights

Ensure individuals can access, modify, or delete their data.

Ethical Business

Respect and safeguard user data.

Who is covered by GDPR

The GDPR protects individuals who are in the EU, and it applies to every organization that offers goods or services to, or monitors the behaviour of, people in the EU, irrespective of where the organization or its processing is located.

What is personal and sensitive information

Personal data is any information that identifies or relates to an identifiable individual, from basic identifiers such as a name or email address to the "special categories" of data (racial or ethnic origin, health status, religious beliefs, and the like) that the GDPR treats as particularly sensitive and permits you to process only under narrow conditions. The General Data Protection Regulation (GDPR) requires businesses to handle this data with the utmost care, to protect it, and to grant individuals rights over it. Online applications subject to the GDPR must therefore not only protect this data but also give users control over their information.

The three essential roles

Under GDPR, the people interacting with form data fall into three categories:

  • Data Subject

refers to the individuals whose personal data is collected, that is, the form respondents who fill in and submit your forms.

  • Data controller

    refers to you, the form maker or form admin. You determine the purposes and means of collecting and processing personal data.

  • Data processor

    refers to us, Zoho Forms. Based on your instructions, Zoho Forms will process the data collected using the forms you create.

Best practices to make your forms GDPR compliant

Zoho Forms has devised several ways to make your forms GDPR compliant, from data collection and processing to managing data subject rights.

For data collection and data processing


    Double opt-in for submissions

Double opt-in lets your form respondents confirm their form submission (typically by following a confirmation link sent to the email address they entered) and, at the same time, give explicit consent to being added to your mailing list. Because a submission counts only after the respondent confirms it, nobody can be subscribed with an email address they do not control.
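
The following is an added example of how a double opt-in confirmation flow can be implemented on a form backend; it is illustrative code and not Zoho Forms' own implementation. It assumes a server-side secret (`SERVER_KEY`), a 48-hour confirmation window (`TOKEN_TTL`) and in-memory stores; all of these are assumptions for the example. A submission is held as pending until a token that is correctly signed, unexpired and not previously used comes back, so a forged, replayed or stale link cannot confirm a submission or a mailing-list subscription.

```python
"""Double opt-in confirmation tokens (added example, not Zoho Forms code)."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret held server-side
TOKEN_TTL = 48 * 3600                 # assumption: confirmation links are valid for 48 hours


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class DoubleOptIn:
    """Holds submissions as pending until the respondent confirms via a signed token."""

    def __init__(self, key: bytes = SERVER_KEY, now=time.time):
        self.key = key
        self.now = now                # injectable clock so expiry can be tested
        self.pending = {}             # submission id -> token payload awaiting confirmation
        self.confirmed = {}           # submission id -> confirmed entry
        self.used_nonces = set()      # nonces already redeemed (single-use tokens)

    def submit(self, submission_id: str, email: str, wants_mailing_list: bool) -> str:
        """Record a pending submission and return the token to embed in the confirmation link."""
        payload = {
            "sid": submission_id,
            "email": email,
            "ml": bool(wants_mailing_list),       # the consent being confirmed
            "exp": int(self.now()) + TOKEN_TTL,
            "nonce": secrets.token_hex(8),
        }
        self.pending[submission_id] = payload
        body = _b64e(json.dumps(payload, sort_keys=True).encode())
        mac = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64e(mac)}"

    def confirm(self, token: str) -> str:
        """Validate a token from a clicked link; returns a status string."""
        try:
            body, sig = token.split(".", 1)
            sig_bytes = _b64d(sig)
        except (ValueError, binascii.Error):
            return "malformed"
        # Verify the MAC before parsing anything the client controls.
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig_bytes):
            return "bad-signature"
        payload = json.loads(_b64d(body))
        if payload["exp"] < self.now():
            return "expired"
        if payload["nonce"] in self.used_nonces:
            return "already-used"
        entry = self.pending.pop(payload["sid"], None)
        if entry is None or entry["nonce"] != payload["nonce"]:
            return "unknown"
        self.used_nonces.add(payload["nonce"])
        self.confirmed[payload["sid"]] = {
            "email": payload["email"],
            "mailing_list": payload["ml"],
            "confirmed_at": int(self.now()),
        }
        return "confirmed"


if __name__ == "__main__":
    flow = DoubleOptIn()
    token = flow.submit("entry-1", "respondent@example.com", True)  # constructed sample input
    print("mail this link:", f"https://forms.example/confirm?t={token}")
    print(flow.confirm(token), flow.confirm(token))  # confirmed, then already-used
```

Only the signed token travels to the respondent; the pending entry and the list of redeemed nonces stay on the server, which is what makes the token single-use even though it is otherwise self-describing. In a real deployment the stores would be a database and the key would come from configuration, not be generated at import time.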


    Mark fields as Personal Fields

Fields marked as personal help you treat any data that can be used to identify your form respondents with a higher degree of sensitivity, so that personal data is easy to locate when a respondent exercises their rights.


    Encrypt field data

Mark the fields of your choice to be encrypted at rest. This adds a layer of protection on top of the transport encryption (HTTPS) that Zoho Forms already applies to data in transit. Encryption at rest guards stored data against disclosure; it does not replace access controls, since anyone authorized to view the form entries still sees the decrypted values.

For managing data subject rights


    Right to be informed

Include a Terms and Conditions field that states what data you collect, why you collect it, and how long you keep it, and that requires the respondent's explicit agreement before the form can be submitted.


    Right of access and data portability

Zoho Forms processes the collected data only on your instructions, so you, as the controller, are responsible for giving respondents access to the data you hold about them and a copy of it in a usable, portable format when they ask for it.


    Informing Users

Use the form's Description field to inform users about the sensitive or private data collected by the form as a whole. Use a field's Instructions to inform users about the sensitive or private data collected by that specific field.


    Right to rectification

    Enable editing of form responses.


    Right to be forgotten

Delete the data submitted by form respondents when they request it, including any copies you have exported elsewhere.

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.