In this chapter, we’ll take a look at the practical steps you need to take to make your forms compliant.
One of the principles of gathering personal data under GDPR is data minimization. This means that you may gather only the data you specifically need for a specific processing purpose. So the first thing to do is review all the forms on your website and remove any fields that are not strictly necessary.
If you’re gathering any personal data on the grounds of consent, the next important thing is tracking these consents. Remember – your visitors must also be able to withdraw any consents they have given. How to do this exactly depends on the way your forms are built.
Your visitors can withdraw each consent they have given on the Privacy Tools page. Depending on your theme, it might look something like this:
You don’t necessarily need to track each consent separately using the plugin. For example, if your visitor signs up to a MailChimp newsletter through your website, you’ll probably want them to use the “unsubscribe” button at the bottom of each email to opt out instead. In that case, there’s no reason for you to track the newsletter consent or allow visitors to withdraw it from the Privacy Tools page.