GDPR what data do you really need on website forms?

The GDPR (General Data Protection Regulation) comes into force on 25 May 2018 and has implications for a website that collects any personal data as part of its contact process.

If your website has a contact form, or options to sign up for newsletters you will be collecting personal information.  What you need to ask yourself is what information are you collecting, why are you collecting it and how will you store it securely?

Contact forms
Usually ask for name and email; they may also ask for a phone number and most usually have a space to give a subject and some detail of why you are contacting the business.  The personal information is name, email and phone number.

Under GDPR the legal basis for your business processing the personal information supplied by the contact form is to respond.  All the individual has consented to is your business responding to their request.
Unless specified on the contact form, they have not agreed to be added to your marketing or newsletter lists or to have their details passed onto other organisations. We recommend adding in an extra checkbox to collect consent ‘I am happy to receive news updates and promotions / special offers’, with an extra line to reassure website visitors that you will not share their details with any third parties.

Forms to join Newsletter and Marketing lists
Your website might offer sign up for updates and newsletters. If someone chooses to signup they have given consent.  What you need to do is ensure you only collect and process personal data necessary to deliver the updates and newsletters to that person.
Ask yourself what channels do you use for marketing?  If you only send email newsletters, why ask for phone number or postal address?  This additional personal information is not required to send an email newsletter.
If you like to personalise newsletters, you may want to collect a first and last name as well as email address, and it is important to make that clear on the sign-up form.

The GDPR asks businesses; why are you collecting, processing and storing personal information? Your answer should fall into one of the 6 lawful basis for processing personal information.  Find out more at www.ico.org.uk

If you need any help, please contact us on 01926 350926