WPForms Documentation

Documentation, Reference Materials and Tutorials for WPForms

How to Create GDPR Compliant Forms

Do you need to check that your forms are compliant with the European Union’s General Data Protection Regulation? The best way to ensure GDPR compliance for your specific site is always to consult legal counsel. In this guide, we’ll discuss general considerations for GDPR compliance in your WordPress forms.

Note: This article contains general information. However, in all circumstances we strongly recommend you consult directly with legal counsel familiar with the GDPR regulations to review your specific use of WPForms.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a set of data collection regulations in the EU (effective as of May 25, 2018). GDPR requirements include obtaining explicit consent before collecting or storing user data, as well as allowing the user to request access to or deletion of that data.

For full details, please see this official guide to GDPR.

Best Practices for GDPR Compliance

While your specific site may require unique considerations that should be addressed through legal consultation, there are a couple of adjustments most sites can make to improve compliance with GDPR.

Ask for Consent

Before collecting or storing user data under GDPR, you need to request the user’s consent. The easiest way to do this is by adding a checkbox to your form.

To do this, first create a new form or edit an existing form. Then, add a Checkboxes field to this form.

Next, we need to delete all but one checkbox option from the Checkboxes field. After clicking on the new field to open its Field Options panel, you’ll be able to click the (minus) buttons to delete extra checkboxes.

Once you have just one checkbox option left, you can add text for user consent. For this example, we’ll add “I consent to Example.com collecting and storing my data from this form”.

Last, we’ll delete the field label content and check the Required option. With this checkbox required, the form cannot be submitted unless the user grants this permission.

Be Prepared for Entry Data Requests

Under GDPR, users can request access to their entry data at any time. While your site may need to take additional considerations into account, one way to prepare for this is to provide an easy way for your users to submit these requests.

For example, you may consider adding a data request form to your site’s privacy policy page. Or, you might add this option within your site’s contact form.

To delete entries, go to WPForms » Entries and select the form you need. Then check the box for any entry you’d like to delete and, within the Bulk Actions dropdown, select Delete.

Note: Once you’ve deleted an entry, it will be completely erased from your site’s database.

If you’d instead prefer to delete all entries for a form at once, our Delete All option provides a quick and easy way to do so.

For more details on entry management for your forms, please see our complete guide to form entries.

That’s it! We hope this guide helped you to begin creating GDPR compliant forms for your WordPress site.

Next, would you also like to customize your form’s notifications? Check out our tutorial on setting up automatic form notification emails for all the details.