To collect names, email addresses or other personal data from anyone in the EU, you need to use GDPR-compliant forms and practices.
Cognito Forms can help.
Please note: We offer tools and information as resources, but we don't offer legal advice. We recommend you contact your legal counsel to learn how the GDPR affects you.
The General Data Protection Regulation (GDPR) is a set of rules designed to give citizens in the European Union (EU) more control over their personal data. It also addresses the export of personal data outside the EU.
The GDPR applies to organizations located within the EU as well as those located outside of the EU if they offer goods or services to Data Subjects (individuals who are the subject of personal data) who live inside the EU.
Personal data is any information related to a natural person (or 'Data Subject') that can be used to directly or indirectly identify the person. If you intend to collect personal data, you must first obtain explicit consent from data subjects.
Every Data Subject must give their explicit consent through an active opt-in. An active opt-in requires an individual to give their consent through a clear affirmative action, such as ticking a checkbox. Soft or silent opt-ins (such as a checkbox that's already filled in) should be avoided.
You can easily obtain explicit consent on your form using a Yes/No field:
Please note that the GDPR also refers to "special categories of personal data," which require additional security. These include:
Check out our blog post to read our tips on how to design GDPR-compliant online forms. Best practices include:
| Users | Guest access | Forms | Entries | Payments | Storage |
|---|---|---|---|---|---|
| 1 user | No guest access | Unlimited forms | 500 entries / mo. | Accept payments | 100 MB of storage |
| 2 users | No guest access | Unlimited forms | 2,000 entries / mo. | Accept payments | 1 GB of storage |
| 5 users | 5 included guests | Unlimited forms | 10,000 entries / mo. | Accept payments | 10 GB of storage |
| 20 users | 20 included guests | Unlimited forms | Unlimited entries | Accept payments | 100 GB of storage |