Understanding GDPR
GDPR is a regulation designed to give individuals, including the respondents who fill out your forms, transparency, access, and control over their personal data. It sets out rules for secure data handling and privacy protection for businesses that interact with people in the EU. By giving form respondents a greater say in how their data is collected and used, Zoho Forms upholds their fundamental right to data protection.
Why GDPR compliance matters for your online forms
Stay Legal
Avoid fines of up to €20 million or 4% of annual global turnover, whichever is higher
Build Trust
Show users you prioritize their data protection
Reduce Risk
Minimize potential data breaches and protect your reputation
Transparency
Clearly communicate how user data is used.
Uphold Rights
Ensure individuals can access, modify, or delete their data.
Ethical Business
Respect and safeguard user data.
Who is covered by GDPR
The GDPR protects individuals who are in the EU, and it applies to every organization that offers goods or services to them (or monitors their behaviour), regardless of where the organization is based or where the processing takes place.
What is personal and sensitive information
Personal data is any information that identifies, or can be used to identify, an individual: this ranges from basic identifiers such as name and email address to special categories of data such as racial or ethnic origin, health status, or religious beliefs, which the GDPR treats as sensitive and subjects to stricter conditions (for example, explicit consent). The General Data Protection Regulation (GDPR) requires businesses to handle this data with the utmost care, protecting it and granting individuals rights over it. Online applications subject to the GDPR must therefore not only protect this data but also give users control over their information.
The three essential roles
Under GDPR, the people interacting with form data fall into three categories:
Data Subject
refers to the form respondents who fill in and submit the forms.
Data controller
refers to you, the form maker or form admin. You determine the purposes and means of collecting and processing personal data.
Data processor
refers to us, Zoho Forms. Based on your instructions, Zoho Forms will process the data collected using the forms you create.
Best practices to make your forms GDPR compliant
Zoho Forms has devised several ways to make your forms GDPR compliant, from data collection and processing to managing data subject rights.
For data collection and data processing
Double opt-in for submissions
Double opt-in requires your form respondents to confirm their submission (typically through a link sent to the email address they provided) before it is accepted, and at the same time to give explicit consent to being added to your mailing list.
Mark fields as Personal Fields
Fields marked as personal let you treat any data that can be used to identify your form respondents with a higher degree of sensitivity.
Encrypt field data
Mark the fields of your choice to be encrypted at rest. This adds a layer of protection for stored data on top of the HTTPS encryption Zoho Forms already applies to data in transit; note that it protects data in storage, not from users who are authorized to view the responses.
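The double opt-in step described above is a confirmation protocol: the submission is held as pending until the respondent proves control of the email address by following a link, and that click is the recorded evidence of consent. The example below is added here to show how such a step is built on the server side; it is not Zoho Forms' own code or implementation. It assumes a hypothetical server-side `SECRET_KEY`, a 24-hour token lifetime, and in-memory dictionaries standing in for the backend's submission store. Tokens are HMAC-signed so they cannot be forged, carry a nonce so they are single-use, expire so stale links stop working, and unconfirmed submissions can be purged so data that was never confirmed is not retained.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical server-side key; a real deployment loads it from a secret store.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 60 * 60

# Constructed in-memory stand-ins for the backend's submission store.
PENDING = {}     # submission_id -> {"email", "issued", "nonce", "fields"}
CONFIRMED = {}   # submission_id -> record plus consent evidence


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload):
    return _b64e(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())


def issue_confirmation_token(submission_id, email, fields, now=None):
    """Store the submission as pending and return the token to e-mail to the respondent."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)          # ties the token to this one pending record
    PENDING[submission_id] = {"email": email, "issued": issued,
                              "nonce": nonce, "fields": fields}
    payload = json.dumps({"sid": submission_id, "email": email,
                          "iat": issued, "nonce": nonce},
                         sort_keys=True, separators=(",", ":")).encode()
    return _b64e(payload) + "." + _sign(payload)


def confirm_submission(token, now=None):
    """Validate a token from the confirmation link. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    try:
        encoded_payload, signature = token.split(".")
        payload = _b64d(encoded_payload)
    except (ValueError, TypeError):            # wrong shape or invalid base64
        return False, "malformed token"
    # Verify the MAC before trusting anything inside the payload.
    if not hmac.compare_digest(signature.encode(), _sign(payload).encode()):
        return False, "bad signature"
    try:
        claims = json.loads(payload)
        sid, nonce, issued = claims["sid"], claims["nonce"], int(claims["iat"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed token"
    if now - issued > TOKEN_TTL_SECONDS:
        return False, "token expired"          # record stays pending; a fresh token can be issued
    record = PENDING.get(sid)
    if record is None or record["nonce"] != nonce:
        return False, "unknown or already confirmed submission"
    del PENDING[sid]                           # single use: a replayed link is rejected
    # Keep the evidence of consent (what was agreed to, and when) with the record.
    record["mailing_list_consent"] = {"given": True, "at": int(now), "token_nonce": nonce}
    CONFIRMED[sid] = record
    return True, "confirmed"


def purge_unconfirmed(now=None):
    """Drop pending submissions whose confirmation window has passed. Returns the count removed."""
    now = time.time() if now is None else now
    stale = [sid for sid, rec in PENDING.items() if now - rec["issued"] > TOKEN_TTL_SECONDS]
    for sid in stale:
        del PENDING[sid]
    return len(stale)
```

The confirmation link would carry the token as a query parameter; the handler calls `confirm_submission` and only then treats the response as a real submission and the respondent as subscribed. Rejecting expired and replayed tokens, and purging what was never confirmed, is what keeps "we only hold data people confirmed" true in practice.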
For managing data subject rights
Right to be informed
Include a Terms and Conditions field.
Right of access and data portability
Respondents can ask for a copy of the data they submitted, and to receive it in a structured, commonly used, machine-readable format. As the data controller, you are responsible for answering such requests from the responses you hold in Zoho Forms.
Informing Users
Use the form Description field to tell users which sensitive or private data the form as a whole collects, and use field Instructions to explain the sensitive or private data a specific field collects and why.
Right to rectification
Enable editing of form responses.
Right to be forgotten
Delete the data a form respondent submitted when they request it, including any copies you have exported or passed on to other systems.
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.