The General Data Protection Regulation (GDPR) deals with the collection and processing of data of individuals who reside in the EU, bringing the residents of the EU under a much more effective umbrella of protection for their data and privacy. GDPR ensures higher transparency, access and control of personal data of your form respondents. It provides guidelines for secure data handling and data privacy for businesses that deal with EU-based customers. Zoho Forms is equipped with what it takes to make GDPR-compliant forms.
Disclaimer: The information presented here should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.
The 3 terms you need to know with respect to GDPR:
Data Subject: Form respondents whose personal information you collect are the data subjects. They’re the individuals whose data is covered by the GDPR.
Data Controller: The one who creates the forms which collect the data. That makes you responsible for its safe collection, storage and management.
Data Processor: That’s us. We don’t control the data that you collect, but we process it on your behalf.
If you are a B2C company, and you have customers or potential customers in the EU, then GDPR applies to you, even if you are not based in the EU.
Failure to comply with GDPR may carry a heavy price for you and your organization.
Zoho Forms has devised several ways to make your forms GDPR compliant:
Double opt-in form submissions
Double opt-in lets your form respondents confirm via email that they would like to opt in to your form. This gives you a chance to get explicit consent from your respondents for actions involving that form submission, and also helps you ensure that you gather data only from genuine respondents.
Mark fields as Personal Fields
Fields marked as personal help you treat any data which can be used to identify your form respondents with a higher degree of sensitivity. When you’re involving any of these sensitive fields in third-party integrations and other actions, we’ll warn you so you can be careful not to share personal data accidentally.
Encrypt field data
Mark fields of your choice that need to be encrypted and provide an added layer of security along with Zoho Forms' built-in HTTPS protocol encryption.
Encrypt a field so that its contents are unintelligible to unauthorized people. No one processing or handling this encrypted data can gather any information from it, which provides an added safety net for your customers’ sensitive information.
Right to Access and Rectification
Your form respondents have the right to know how and why their data is being collected and processed, and have access at any time to the data they have submitted and some way to edit it.
Read about: Sharing a PDF of form response to the respondent. By providing an edit link in your form submission email, you can also offer respondents a self-service way to exercise their right to rectification.
Right to be informed
You are required to obtain consent from your respondents.
Note: The decision boxes or fields collecting consent in your forms cannot be pre-ticked. You have to individually state each purpose and type of processing for which you are obtaining consent.
For example, to obtain valid consent to send emails about a new product, respondents should actively check the box saying they would like to receive promotional emails about future products from you while they are filling out your form.
You can add a Terms and Conditions field to your form and list all the necessary terms in plain language, or add a link to your privacy policy.
You can enable the Double Opt-In feature and send a consent mail to the respondent upon submission. If Double Opt-In has been enabled, the submitted data will be sent for further processing only after the respondent offers consent.
Right to be Forgotten
At any point in time, a form respondent can ask you to permanently erase (or forget) their data from your system. Once the respondent asks, you must comply with their request without any delay.
Right to Data Portability
Your form respondents have the right to export their personal data submitted to you. You have to be able to provide them with that data whenever they ask for it.
Right to Object or Restrict Processing
Once you have explicitly told your form respondents about how you intend to use the data they’re submitting, they have the right to object to any part of it. For example, if you have an option at sign up that says you’d like to use the respondent’s data to send promotional emails (which is something that you have to disclose according to the right to access), your respondents can exercise their right to object by not checking this box. In case of any disagreement later, you need to have proof that the respondent provided consent and did not object to your uses of their data. A respondent may request to stop a particular kind of processing, such as receiving promotional emails. Apply a 'Do Not Process' state for the specified form response.
For more detailed information, check out our E-Book on GDPR compliance using Zoho Forms.