The Ultimate GDPR Forms Are Here
We cover all the GDPR bases. For real.
Remember 2018, the birth of every marketer’s nightmare, GDPR?
Well, GDPR is still here, it hasn’t changed, and it’s not about to leave the party.
GDPR is as essential today as it was in 2018, you have the responsibility to make sure the data your forms collect is secure. And not just any kind of secure, but GDPR-abiding secure.
What Is GDPR?
GDPR is the widely-used acronym for the “General Data Protection Regulation”, a set of legislative norms released with the purpose of protecting user data privacy in the European Union (EU). The same set of rules also addresses the export of data outside of the EU and it has been effective from May 25th, 2018.
That’s the short story.
The long story is a set of 99 legal articles covering pretty much everything companies should do to ensure the protection of personal data. We highly recommend that you read it all and make absolutely certain you abide by it, because there are actual legal consequences to not doing so. You can find it all here. Read it and make it your business’ data privacy sacred book. Then buy yourself a present for getting through all of it.
Who Is Affected by GDPR?
In short, everyone. If you run a business in the EU, you are without doubt affected by GDPR.
If you run a business outside of the EU (in the US, China, Oceania, or any other place on Earth), you are affected by GDPR too, because sooner or later, someone in the 28 countries in the EU will land on your site. You can’t stop them, they’re always clicking and surfing.
If you don’t run a business and you’re just someone wandering the internet, you’re also affected by GDPR.
In other words, all entities involved in data collection are affected by GDPR: consumers, businesses, SaaS companies, and everyone in between.
Oh, and by the way, the definition of data collection is pretty broad in GDPR terms, so if you think you’re not collecting data, make sure to triple-check the GDPR handbook again because chances are that you are somehow collecting information from the users landing on your site. Just to give you an idea of how broad “data collection” is as a term, some examples of personal information include but are not limited to:
- Names
- Identification numbers
- Location data
- Email addresses
- Home addresses
- Phone number
- Any kind of personal data about your customers, employees, stakeholders, collaborators, and so on
- Cookie information collected via browsers and other online identifiers
TL;DR: Everyone is affected by GDPR, nobody escapes it unless they live in a cave, on a mountain, with no access to the internet whatsoever. And if you’re reading this page from a cave, you’ve got amazing WiFi.
Build GDPR Compliant Forms
Online forms are, by their very nature, data collection tools.
So there’s no way they can escape GDPR. All forms should be GDPR forms.
This is specifically why 123 Form Builder has taken all necessary steps to make sure our forms are GDPR-compliant. We’re a GDPR form builder and our customers like this:
GDPR gave us a chance to really review everything and that’s what led us to 123 Form Builder. I needed a piece of software that allowed people to upload video, images, and documents to us safely, and that’s why we came to 123 Form Builder. In addition to that, 123 Form Builder offered us two-step authentication which was not an option for other form builders out there.
How EXACTLY Does
123 Form Builder Handle GDPR?
Before we dive deeper into how 123 Form Builder handles GDPR compliance, please keep in mind that GDPR compliance responsibility falls on you, the customer, us, the form builder, and your form respondents as well. More about this below.
Impact of GDPR for 123 Form Builder Customers
GDPR is a three-party party. The responsibility of abiding by GDPR legislation falls on everyone:
123 Form Builder as the “Data Processor” (we’re using GDPR terminology)
123 Form Builder customer as the “Data Controller”
Respondents as the “Data Subjects”
Both the Data Processor (us) and the Data Controller (you) have the ultimate responsibility to offer maximum protection for the Data Subject’s rights on the privacy of their personal information. Just as a reminder, those rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
123 Form Builder’s commitment to GDPR
We are a GDPR compliant form builder because we are doing everything on our end to ensure the protection of the personal data flowing through our forms. As mentioned above, data protection is not our sole responsibility, and our customers have their own part to play in it.
What we do, more specifically:
We have performed an in-depth analysis of our processes, systems, and contracts to make sure they all offer the level of data privacy required by GDPR.
Like, for example, we have set up:
- Procedures on how we buy and maintain our hardware and software
- Procedures on how we manage incidents
- Procedures on how we control access to our network
- Procedures on how we maintain the security of our network
- What our official objectives are with regards to data security
- We have implemented new features and processes to assure our compliance with the requirements.
- We have identified our obligations and our customers’ obligations and we have documented everything so that it is easier for our customers to comply with the GDPR requirements.
- All 123 Form Builder employees have been trained to uphold data protection standards. Moreover, we repeat these training sessions periodically to ensure the level of data protection we offer is the best and most up-to-date possible.
What Customers Have to Do to Make Their Forms GDPR Compliant
The steps necessary to GDPR compliance are different for different companies (depending on the business scope, the type of product, how it collects information, and a variety of other factors).
However, what we advise our customers to do is:
- Familiarize yourself with GDPR and its requirements.
- Read, re-read, and then read the regulations again.
- Analyze your business processes, systems, the ways you process personal data, and check if they meet the GDPR requirements (as per all the reading performed during step #1 above). If they don’t meet the GDPR requirements, make a plan to address the issues.
- Review your obligations as a Data Controller on the 123 Form Builder platform (and keep in mind that what you do with the data you collect in your forms is your responsibility).
- Download the 123 Form Builder GDPR whitepaper, which should help you gain a deeper understanding of everyone’s role in GDPR compliant forms.
- Sign our Data Processing Addendum, as described and provided in the following section of this page.
- Create your forms in 123 Form Builder, making sure they follow GDPR regulations and some of the best GDPR form best practices, including:
- Allowing users to correct, update, or ask for the deletion of their personal data.
- Enable the “Edit Submission” feature on your forms.
- Send a copy of the completed form to the sender (using the 123 Form Builder Notifications system)
- Include your contact details on the form and allow form submitters to contact you whenever they want.
- Make sure you are familiar with the “right to be forgotten” law. In essence, what this law implies is that users have the right to ask you to delete their personal information, and you should make it very clear to them how exactly they can do that. This information should be included in the Privacy Policy statement (as described in the third bullet point below.
- Use multiple-choice fields to ask for the explicit consent of the form submitter for you to use their data (which means, collecting the data, storing it, and processing it).
- Explain why you are collecting personal information.
- Ask for as little information as you possibly can. For instance, do not ask for ID/ Passport information unless this is absolutely necessary.
- Add a link to your terms of service to list all your Privacy Policy points, as well as other legal details. Do not use the default choice option, as the checkbox needs to be ticked by the user (to show their explicit consent in you processing their data). An example of how you can do this is here (this is our Privacy Policy statement for those situations when we act as a Data Controller, as explained in the “123 Form Builder as a Data Controller” section below).
- Enable the Reference ID feature on your forms to make sure you can efficiently track your users’ submissions.
For more information on how to ensure GDPR compliance on your 123 Form Builder forms, kindly check out our Knowledge Base piece on this or contact us at gdpr@123formbuilder.com. We’re here to help you stay on the legal side of GDPR (and protect your users’ personal information as a result of your GDPR compliance).
Data Processing Amendment (DPA)
The Data Processing Addendum is a necessary step to ensuring GDPR compliance on your forms. Please download our DPAs (US Server / EU Server) if your business is established in the European Union (EU) or subjected to GDPR
Review, countersign and return the DPA document to gdpr@123formbuilder.com. Starting with the day you sign and send us the DPA, it will become part of your 123 Form Builder subscription documents.
EU and US Data Centers
Our entire platform is GDPR-compliant. If you want to reinforce data protection for the forms you create on 123 Form Builder, however, do not hesitate to sign up on our EU platform.
Also, it is important to note that our servers are hosted on Amazon AWS and you can choose to locate your servers exclusively in the EU (or exclusively in the US) to ensure absolute GDPR compliance by not allowing your customers’ data to get outside of the EU.
123 Form Builder as a Data Controller
In certain situations, 123 Form Builder will create forms for public usage. In these circumstances, 123 Form Builder will act as a Data Controller. Please read our GDPR note in Romanian and/or English here.
GDPR Compliant Form Templates
In addition to putting in place systems and procedures that ensure GDPR compliance on our end and in addition to helping our customers achieve GDPR compliance on their end by enabling them to use the correct features in this direction, we also come forward with a series of templates that can be easily adapted to GDPR regulations.
Whether you are looking for a GDPR compliant contact form or a GDPR compliant event registration form, our templates can be adapted to GDPR legislation as per the steps described earlier on this page (under GDPR compliant event registration form).
We have more than 1900 form templates you can use and adapt to GDPR, including
…And more.
Connect Your GDPR Forms with Your Favorite Tools
You want your data collection processes to meet at least three main requirements:
To be easy to set up
To be compliant with data collection regulations
To be accurate and allow you to avert human error as much as possible
Our forms are more than easy to set up, and, as shown throughout this page, our platform is also GDPR compliant.
How about accuracy and avoiding human errors?
Well, 123 Form Builder is integrated with more than 80 tools used by marketers, project managers, developers, and Human Resource professionals. That means your data can automatically flow from 123 Form Builder forms directly into your favorite tools, including (but not limited to):
Collect Data, Securely
We take data security very seriously. We’re not only GDPR compliant on all grounds, but we are also:
- HIPAA compliant
- ISO 9001 certified
- ISO 27001 certified
We periodically perform internal security audits and double-lock our data and our customers’ data by taking all cautionary measures to ensure leaks, breaches, and system failures are averted. Because we genuinely care about data privacy and we have made it an integral part of our entire business model.
