If you are using forms on your website to gather information from people then there is a clear need to gather their consent to do so. No longer is the fact that the form is filled in by the subject deemed to be consent in and by itself. The GDPR now make it necessary that a clear affirmative action (such as ticking a box) must be taken by the data subject to indicate that they understand that their data is being given for a set purpose.
Countdown To GDPR Compliance
A Separate Consent For Everything
Where you have a standard contact form that collects just basic information such as the subjects name, email address and their query then it is advisable to also include a mandatory tick box. This tick box should indicate that, by filling in the form, the subject understands that their details are being collected for the purpose of answering that query. If you also wish to use the information provided by the subject to add them to your mailing list for example, then a separate tick box is required for that, showing that they agree to this also.
Each and every form that appears on your website must have these consent tick boxes added to them in a clear and unambiguous way, stating clearly what the person is giving their information for. In this way it would be advisable to have separate forms for different purposes, for example having one for general enquiries and a completely separate one for you mailing lists etc.
As mentioned in my post on Cookie Control, Article 4 of the GDPR gives some insight on this:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
While it is still allowed to incentivise the gathering of this information, (such as giving discounts if they agree to be added to your mailing list), it is not permissible to punish them in any way for withholding consent, (like not selling them something because they don’t join your list).
- What GDPR Means For Website Owners
- The Importance Of A Terms Of Use Policy For Your Website
- GDPR The Necessity of Adding a Privacy Policy to Your Website
- GDPR What Are Cookies and Why Do I need a Cookie Notice On My Website
- Cookie Control – The Right to Choose
- Add A Consent Tick Box to Your Data Gathering Forms For GDPR Compliance
In essence the data subject needs to:
- be informed of every purpose that you intend to use their details
- freely and knowingly give consent for every purpose you wish to use their details for
Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional I make no claim that this article or subsequent articles definitively covers everything that website owners should know, as such I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything and I accept no responsibility or liability for its accuracy.
BOOK A FREE NO OBLIGATION CONSULTATION
Have a new business idea or want to totally revamp your website into something that better suits your business?
I am here to help!
I offer a once off free no obligation consultation where we will take a deep dive into your current website, discuss how it is, and more importantly, how it is not performing for you and come up with a solution that better suits your needs.
Fill out the form and I will get back to with ASAP.
CREATE108 WEBSITE DESIGN SERVICES
Web Design Services
- eCommerce Development
- Brochure Website Development
- Catalogue Website Development
- Fully Device Responsive Design
- SEO Set Up
- 12 Months Free Hosting
- 12 Months Free Site Maintenance
- GDRP Compliance Including Free Professionally Written GDPR Privacy Policy (READ MORE)
- Image Optimisation
- Brand Design/ Brand Continuity Adherence
Serving your needs
- Jargon Free Professional Website Design
- Free Consultation & Development Plan (BOOK NOW)
- One to One Service (No Middle Men)
- Content Checking
- Ongoing Consultation Throughout The Project
- Pre-Launch Support
- Post Launch Support
- Search Engine Registration (Google & Bing)
- Google Analytics Set Up
- LEO Online Trading Voucher Support and Guidance (LEARN MORE)
"When you work with me you work only with me, I don't outsource my websites and don't use third party middle men. All my clients get my dedicated attention through every stage of the design process and beyond."
Keith Byrne - Create108.ie
Learn More
100+ happy clients. These SME’s, Start Ups & Established Businesses trust me to design for them & you can too…
