How to Create GDPR-Compliant Forms on Your WordPress Site

Looking for a way to create GDPR-compliant forms to stay on the right side of the General Data Protection Regulation (GDPR)?

If you have any kind of form on your website, you’re collecting personal data directly from visitors. Since the GDPR concerns rules for protecting and using this kind of information, you’ll need to make sure your forms meet all the required criteria. Fortunately, this can be simple if you’re using the right contact form plugin.

A brief introduction to the GDPR 🇪🇺

If you haven’t already heard of the General Data Protection Regulation (GDPR), it’s something you’ll want to familiarize yourself with. This EU-based regulation affects all sites that collect any data from visitors inside the EU – which includes just about every website.

In a nutshell, the GDPR was designed to give internet users more control over how their personal information is collected, stored, and used. To do so, it enforces rules for websites to follow, which includes the following:

• You need to know what data you’re collecting from visitors, and have methods in place for tracking and storing it safely (as well as notifying users in the event of a security breach).
• Website users have the right to know what data is being collected, along with how it’s being used and stored.
• Anyone you’ve collected data about also has the right to access a copy of it, and request for it to be permanently deleted.

This is just scratching the surface of what this regulation involves, of course. If you want to learn more, you can check out our complete guide to the GDPR over on the CodeinWP blog.

What it means for your WordPress forms to be GDPR-compliant ⚖️

Based on the last two points above, it should be clear that the GDPR will affect the way your website’s forms are designed. You can’t simply ask for people’s names and email addresses – not anymore, anyway.

Instead, you’ll want to review all existing forms on your site to make sure they aren’t breaking any GDPR rules. In addition, you’ll need to know how to create GDPR-compliant forms in the future. This means:

• Clearly explaining what data you’re collecting and how it’s used.
• Asking for permission before storing submitted information in your site’s database.
• Letting users export or erase their data if they want to.

Exactly how you do this will vary, depending on how your forms were made. However, the simplest solution is to use a WordPress form plugin with GDPR-related features built in. You may even want to consider re-creating your forms with this type of plugin if yours doesn’t offer the right options. This will take a little time, but will be well worth the resulting peace of mind.

In the steps below, we’ll show you how to build GDPR-compliant forms using the WPForms plugin:

Contact Form by WPForms – Drag & Drop Form Builder for WordPress

Author(s): WPForms

Current Version: 1.8.4

Last Updated: September 28, 2023

wpforms-lite.1.8.4.zip

98%Ratings 5,000,000+Installs WP 5.5+Requires

Along with enabling you to create customized and user-friendly forms on your WordPress site, this plugin provides a number of handy features to help you meet the GDPR’s requirements. Plus, it’s free to try out.

How to create GDPR-compliant forms on your WordPress site 📃

Before we get started, we should offer a caveat: We aren’t lawyers. What follows is some advice to help you create more GDPR-compliant forms. However, you’ll want to fully review the complete terms of the GDPR as well, and solicit legal advice if necessary.

Also, for this tutorial, we’ll assume that you’ve already installed and activated the free WPForms plugin from WordPress.org.

With that out of the way, let’s jump right in!

• Step 1: Clearly explain your data collection and storage methods
• Step 2: Enable WPForms GDPR functionality
• Step 3: Create your form
• Step 4: Add GDPR Agreement field

Step 1: Clearly explain your data collection and storage methods

As we’ve explained, according the GDPR you’ll need to let website visitors know what you’re doing with their data. The following three points are most important. You need to clarify:

1. What data you’re collecting.
2. How this data is being used.
3. The way you’re storing the data.

You don’t necessarily have to include this information on your actual forms. In order to have GDPR-compliant forms, you just need to make these details easily accessible somewhere on your site. The best place to do this is within your privacy policy, which you can set up using WordPress’ default functionality.

Step 2: Enable WPForms GDPR functionality

Once you’ve created or updated your privacy policy, you’ll need to enable WPForms’ GDPR features and enhancements to get started with your actual form.

You can do this by going to WPForms → Settings and checking the box for GDPR Enhancements. Make sure to save your changes after:

Step 3: Create your form

Next, you’ll need to create your form. You can do this using the regular WPForms functionality.

First, go to WPForms → Add New and choose whether to use one of the pre-made templates or a blank slate:

Then, you can use WPForms’ drag-and-drop form builder interface to add new fields or modify existing ones:

Step 4: Add GDPR Agreement field

One of the features that you activated in Step 1 of this tutorial is WPForms’ GDPR Agreement field.

Once you’ve added all your regular form fields, you’ll want to add this field to the bottom of your form right above the Submit button.

It adds a required checkbox that people must fill out in order to submit your form:

If you want to go even further, you can customize the text to include a link to your privacy policy.

To do that, click on the GDPR Agreement field to edit it. Then, edit the Agreement field as needed.

You have the ability to add HTML here, so you can use the code below to include the link (just make sure to replace the example link with the actual link to your privacy policy):

I consent to having this website store my submitted information so they can respond to my inquiry. Learn more in <a href="yoursite.com/privacy">our privacy policy</a>.

Once you’re finished, you can embed the form using either a shortcode or WPForms’ dedicated block for the new block editor (AKA Gutenberg).

Using WPForms Pro? Consider these features

The free version of WPForms doesn’t store any form submissions in your site’s database, which makes it quite easy to create GDPR-compliant forms.

However, if you upgrade to WPForms Pro, it includes an option to store form submissions in your WordPress dashboard (as well as other information, like geolocation data).

Don’t worry, though – it’s still easy to create GDPR-compliant forms with the Pro version.

First off, you’ll get two new options in the settings area (WPForms → Settings) where you can configure whether to store user cookies or user details:

You can also configure these on a per-form basis.

When it comes to creating GDPR-compliant forms, your responsibilities don’t stop once data is collected, though. Users also have the right to get a copy of all the information you’ve collected, if they choose to do so. In addition, they need to be able to request that you delete their data.

The simplest way to provide these two options is by creating a separate form just for this purpose with an option for users to request their information.

Then, save the form, and place it somewhere on your site. A logical choice might be on your privacy policy page, and/or your contact page.

Once a user submits a request for their data, you can use WPForms Pro’s Entries area to search for their information and share/delete it:

Conclusion 🏁

Laws like the GDPR can seem intimating at first glance. There are a lot of rules you’ll need to make sure to follow. Fortunately, the creators of many of your favorite website-building tools already know this. If you’re lucky, they’ll provide options to help you ensure compliance with the GDPR easily.

Do you have any questions about how to add GDPR-compliant forms to your WordPress site? Ask away in the comments section below!