The General Data Protection Regulation (GDPR) is now in place within the EU and pertains to the collection and protection of information.
While your best option is to consult legal counsel, we’ve tried to extract what you need to do in order to make your Kotive published forms (embedded or directly linked and accessible by non-logged-in users) GDPR compliant.
In short, GDPR aims to protect users from unauthorized data collection by requiring explicit consent. If you collect data using Kotive’s published forms, then the individual providing the information needs to be aware of it and give permission before any action is taken. GDPR also requires that users are able to request access to their data and have it removed if requested.
Refer to the official sources for more information.
1. Ask for consent (opt-in)
Under GDPR, consent is required for each separate use of an individual’s personal data.
How do you ask for consent?
Add a required checkbox field to your published form, such as “I consent to ACME company collecting and storing the submitted data.” (Don’t include a label.)
The checkbox should NOT be pre-ticked, since the user has to explicitly tick it to provide consent.
You can add additional information about your terms and/or privacy policy as part of the helptext of the consent field, or alternatively, in a “paragraph” field below the consent field. E.g. “We’ll treat the information you provide with respect. Please refer to our website for more information on our privacy practices. By submitting this form you agree that we may process your information in accordance with these terms.”
Additional questions that might help you, depending on your intended use of the information you collect:
- Is your intended use of the collected data apparent? E.g. “I consent to ACME company collecting and storing my personal information to provide me with a quotation.”
- Have you given users enough information to consent?
- Are you sending any of the personal information to any third-party services via an integration? E.g. “I consent to ACME company and our third parties (Sparkpost & DocRaptor) collecting and storing my personal information to provide me with a quotation.”
2. Access to data
Individuals who fill in your forms have the right to ask you for access to the personal information you have collected from them.
Verify that the person asking is the person whose personal information you’re about to send to them.
- Go to your “Live Workflow Reports”.
- Set your “from” date far into the past and your “to” date to today. Click the Refresh button.
- Use the “Customize the table’s columns” popup and select all available forms’ fields. Click “Refresh columns”.
- Use the Quickfilter to find the person based on their personal information, e.g. email address or full name.
- Once you’ve found their information, enter enough information in the Quickfilter so that only a single record/row is displayed.
- Export the data and then inspect it. Make sure that the exported file does not contain other people’s personal information!
- Send the file to them.
3. Remove personal data
Individuals who fill in your forms have the right to ask you to permanently delete personal information you have collected from them.
Verify that the person asking is the person whose personal information you’re about to delete.
- Go to your “Live Workflow Reports”.
- Set your “from” date far into the past and your “to” date to today. Click the Refresh button.
- Use the Quickfilter to find the person based on their personal information, e.g. email address or full name.
- Once you’ve found their information, tick the checkbox to the left of the row/record.
- Click the “Delete” button and confirm its permanent deletion. The record will be immediately removed from your Report and permanently deleted within the time period specified in our terms.
Design forms that require explicit consent before collecting or storing user data.