If you are using online forms on your website, see our checklist below to ensure you are complying with GDPR:

  • Do you have your Terms & Conditions visible on your website?
  • Do you have an updated Privacy Policy visible on your website?
  • Are your forms asking only the questions relevant in order to fulfil a purpose on behalf of the individual? i.e. if asking for a birth date, is it necessary?
  • When your form has been completed by an individual, where will it go? Can you trace it if required to do so? Where is it stored? (the answers will need to be addressed in your Privacy Policy).
  • How secure is the form? Do you need to encrypt it?
  • Is the form being shared with third parties, i.e. courier companies, an IT company etc. If so, you will need to have a written contract with these third parties in relation to data protection.
  • Has the data subject given consent to each of the pieces of data being requested? Customers must know exactly what they are consenting to and there can be no doubt that they are consenting. You cannot have any pre-ticked boxes assuming consent or yes answers and you cannot assume consent from a blank answer.
  • In your Privacy Policy, are you stating that you will store the data subject’s information for no longer than is necessary for the purpose for which it was collected?
  • Do you allow for the data subject to withdraw consent at any time?
  • Do you have a system in place for sending the data to them if requested?
  • Do you have a system in place for deleting their information at any time?
  • Do you need to appoint a Data Protection Officer (DPO)? (yes, if you are a public authority or body, if your core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or your core activities consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences)
  • If you are obtaining data from underage subjects, you must ensure you have systems in place to verify individual ages and gather consent from guardians. In Ireland, children can consent from the age of 13.
  • N.B. If your form is anonymous and does not collect personally identifiable information on users, your form is not impacted.