Do you need to add a GDPR agreement to your forms? A GDPR agreement form field is essential if your website is used by people from the EU or the UK.
In this article, we’ll look at the easiest way to add a GDPR agreement to your WordPress forms. You can use a plugin to stay compliant, and you don’t need to write any code.
What Is a GDPR Agreement?
A GDPR agreement is a checkbox that lets your visitors consent to having their data stored on your server.
In EU law, your visitor is called the ‘data subject’. You can only store information about them if they specifically opt in.
GDPR is complicated. As well as a GDPR agreement form for your site, you may also need to create:
- At least one privacy notice
- Cookie popups
- A data processing agreement (DPA) if you use a data processor
- Data retention policies or schedules
- Data protection impact assessments
- And more.
You can use WordPress GDPR plugins to help with this.
The GDPR applies to websites worldwide. That’s because some of your visitors will be EU or UK citizens. So as a ‘data controller’, you need to make your forms comply with the law where they live.
Remember: GDPR rules are stricter than data protection laws like CCPA. If you need more support, we recommend that you get legal advice on the way the General Data Protection Regulation applies to your website.
How to Add a GDPR Agreement Field to Your Forms
Using WPForms, you can easily add a GDPR agreement form field to any form on your website. That way, the visitor can freely give consent when giving you their personal data.
Here are the steps we’re going to work through:
- Install and Activate the WPForms Plugin
- Turn on GDPR Form Agreement Settings
- Create Your Contact Form
- Add a GDPR Agreement Form Field
- Publish Your GDPR Compliant Form
At the end of the article, we’ve added an FAQ to help you with the advanced GDPR options in WPForms. We’ll also explain how to easily erase personal information if you’re asked to.
First, let’s step through the tutorial.
Step 1: Install and Activate the WPForms Plugin
Don’t forget to activate the plugin before moving on to the next step.
Step 2: Turn on GDPR Form Agreement Settings
Before we create any forms, it’s important to turn on GDPR enhancements in WPForms. When we turn these enhancements on, it’ll also enable the GDPR agreement form field.
To start, go to WPForms » Settings. You should see the General tab is open.
Scroll down and click the GDPR Enhancements checkbox.
When you click the checkbox, you’ll notice that 2 new options appear underneath.
For now, we don’t need to worry about Disable User Cookies or Disable User Details. Let’s leave those blank and come back to them at the end of the article.
Let’s move on and create a GDPR compliant contact form.
Step 3: Create Your Contact Form
WPForms makes it easy to make any kind of form for your website. In this example, we’ll create a contact form with a GDPR field.
First, let’s click WPForms » Add New.
When the form builder opens, go ahead and type in a name for your contact form at the top.
Next, scroll down a little and click on the Simple Contact Form template.
You can see that we already have the fields we need for our basic form:
- Comment or message
If you want to add more fields, you can drag them from the left-hand panel to the form preview on the right. Keep adding fields until your basic form is set up the way you want it.
Step 4: Add a GDPR Agreement Form Field
WPForms makes it easy to make any form GDPR compliant. It has a special GDPR field that you can add to any form.
This field is different from a regular checkbox field. If the GDPR agreement is not ticked, the form can’t be submitted. And the checkbox can’t be pre-selected. This is important because consent has to be ‘freely given’.
To add a GDPR agreement field, all you need to do is drag it from the list of fields on the left and place it onto your form.
The GDPR agreement field already has a label and some agreement text. If you want, you can customize the GDPR agreement field by editing the wording.
And that’s it! Go ahead and click Save to save your progress so far.
Now let’s publish your contact form.
Step 5: Publish Your GDPR Compliant Form
Now that we have a GDPR compliant form, let’s publish it on your website.
WPForms makes it easy to publish forms on any post or page. We’re going to show you how to create a new contact page for the form in this example.
At the top of the form builder, click the Embed button.
You’ll see a popup open. We’ll click Create New Page here.
And finally, let’s type in a name for your page.
All set? Click Let’s Go.
WPForms will automatically create a new page. You’ll see your contact form already embedded into it.
Let’s click Publish to publish the page.
And that’s it! Now you have a contact form with a GDPR agreement field.
You can repeat the process to easily add GDPR agreement fields to any form on your website, so you can be sure they’re all compliant with the GDPR.
FAQ on GDPR Forms and Compliance
The powerful GDPR controls in WPForms can help you to comply with privacy laws in different ways. In this section, we’ll look at the advanced settings in the plugin.
How to Disable Cookies in WPForms
Under the General Data Protection Regulation, you need to let visitors choose whether they want to accept cookies.
Cookies are small files that track:
- Site settings
- And more.
To give your visitors control, WPForms integrates with the Cookiebot plugin. It lets visitors easily accept or reject different types of cookies on your site.
If you want to disable all cookies on your forms, you can do that too. This will turn off the WPForms UUID, or Universally Unique Identifier. The UUID doesn’t contain personal information, but it’s used for some features in the plugin.
To turn off cookies on all forms, you’ll want to head to WPForms » Settings. Remember the 2 checkboxes we saw at the start?
Let’s click Disable User Cookies.
Now WPForms won’t track your visitors using the UUID.
Keep in mind that WPForms needs cookies for some features, including:
- Linking entries from the same user in the Entries section of the plugin
- Tracking abandoned forms with the Form Abandonment addon
So if you choose to disable cookies in WPForms, those 2 features won’t work.
How to Disable User-Agent or IP Tracking
By default, WPForms collects the visitor’s user-agent and their IP address. This can be helpful if you want to see where your visitors are located, or what browser and device they’re using.
If you want to turn this off, open up WPForms » Settings again. This time, click the second checkbox to Disable User Details.
This will turn off user-agent and IP collection on all of your forms.
You can also turn off user-agent and IP tracking on individual forms if you prefer.
How to Disable Form Entry Storage
Entry storage is a super helpful way to review, manage, and organize form entries from your site. Most people find this helps to keep track of entries, so we recommend keeping it switched on.
But disabling entry storage can be helpful if you want to avoid using a GDPR agreement form field on your forms.
To do that, open up your form and click Settings on the left of the form builder. Scroll all the way down and check the Disable storing entry information in WordPress box.
Disabling entry storage might reduce the risk of a personal data breach. At the same time, keep in mind that you’ll only be able to receive form responses via email.
How to Make Newsletter Signup Forms GDPR Compliant
If your visitors are from the European Union or the United Kingdom, it’s a legal requirement to have compliant email newsletter signup forms.
There are 2 ways to make an email marketing form GDPR compliant:
- Add a GDPR Agreement form field. You can easily drag the GDPR field onto your signup forms so the user has to consent before they subscribe.
- Use a double opt-in for your email marketing forms. This means your subscribers will get an email confirming that they want to be added to your list. Here’s a guide to double opt-in vs single opt-in forms.
We recommend that you get legal advice if you’re not sure which method to choose.
How to Delete Personal Data in WPForms
Under GDPR, data subjects have a right to ask for their personal data to be deleted.
This is called the ‘right to erasure’, or the ‘right to be forgotten’.
If you receive a right to erasure request, WPForms makes it easy to delete the user’s data from your WordPress database.
First head to WPForms » Entries and click the name of your form.
Now you can use the search tools and filters to find all of the entries you need to delete. For example, you can select Name in the dropdown and type in the user’s name to find all of their entries.
When you click Search, WPForms will show all of the matching entries. Select each entry, then click the Bulk Actions dropdown and click Delete.
Repeat these steps with each form on your website.
Here are 2 things to keep in mind if you get ‘right to be forgotten’ requests:
- In WPForms, entry deletion is permanent. Once you delete form entries, they can’t be recovered unless you have website backups.
- You don’t usually need to delete personal data from backups. Most backup plugins will overwrite your old backups automatically over a few days or weeks.
And that’s it! Now you know how to make all of your forms GDPR compliant using WPForms.
Next Step: Export Your Form Entries
Do you want to export your form entries? Maybe you need to use them in a different platform, or analyze your data in different ways.
With WPForms, it’s easy to export form entries to CSV. That way, you can easily archive the data if you need to.
Don’t forget to make your waiver forms too. We published a tutorial on making an online model release form that you can use for inspiration.