Yes, it’s been a year since the General Data Protection Regulation has been in place.
You probably know all about it – we know we’ve done our research and spent lots of hours making absolutely sure our customers’ privacy comes first. So we’re not gonna bore you with the details about what GDPR means or what businesses it applies to.
But we just want to mention the measures we’ve implemented so that our users have the safest and smoothest form building experience:
- We’ve appointed a Data Protection Officer
- We perform regular training with our staff to make sure we offer the best possible level of data protection
- We offer a DPA (Data Processing Addendum), which represents an extra proof of our data security commitment to our clients
- You decide what communications you receive from us (and can opt out at any time)
- At any point, you get to know how we use your information, where it is stored and who it is shared with
- You can request we delete your account forever
- Our Customer Care Team is always available for incident management
All of this means that we are GDPR-compliant and you don’t have to do anything else in the Settings section to enable GDPR compliance on your 123FormBuilder account.
However, while 123FormBuilder is GDPR-compliant, don’t forget it falls on you to implement all the necessary data security measures for your own organization. You are responsible for the way you collect, store and use information through your forms.
Here are just a few recommendations from us on how to create GDPR-compliant online forms:
Less is more
When collecting information from your website visitors or customers, don’t overdo it. Only gather the minimum necessary data you require. This takes a bit of planning before drafting your form. And it means having shorter forms, as a rule – which is actually great for respondents, too!
Also, don’t store user data longer than necessary and give users full control over it. Be ready to act immediately once the data collection has served its purpose or the user asks you to delete their account.
Obtain explicit consent at all times
GDPR means the end of pre-filled opt-ins. Your website visitors should give their consent to receive communications by a clear affirmative action, like checking a box. Voluntary, specific and unambiguous consent is necessary at all times. Users can’t suffer negative consequences for withholding consent to provide unnecessary personal data (except for a few legally-imposed circumstances).
Use the Terms of Service field
Make sure that your website visitors can easily find your Terms of Service. On that same note, the information you put in there should intelligibly explain how you protect the rights and privacy of your users from unsafe data processing.
Data encryption for the win
While 123FormBuilder uses SSL encryption by default and is always accessed over HTTPS, if you plan on collecting very sensitive data, you can add an extra layer of protection. Secure your form data within your 123FormBuilder account with the data encryption option. This is recommended if you use forms to collect employee personal information, credit card numbers, or sensitive data in legal agreements.
123FormBuilder also offers an enterprise plan compliant with HIPAA, which is critical for any company collecting electronic patient health information.
Hopefully, these guidelines will help. And if you have any questions regarding 123FormBuilder’s compliance with GDPR, feel free to use the form on this page.