How to create a GDPR compliant form

Creating a GDPR compliant form with TypeflowAI

In our Privacy Policy we inform you about your rights and responsibilities using TypeflowAI. A quick recap: You are the data controller of the data you collect from your respondents using TypeflowAI forms and workflows. We are the data processor.

It is your responsibility to create a GDPR compliant form when you collect personal information. What does that entail?

1. Collect consent

You have to collect consent from your respondents to comply with the GDPR framework. The consent must be freely given, specific, informed, and unambiguous. It has to be very clear why you collect personal data, how you intend to use it and if it will be shared with any third parties. The respondent has to be aware that they are giving you permission to use their personal data.

This is usually done with a separate checkbox.

2. Inform respondents about their rights

In the same way we inform you about your rights in our Privacy Policy, you have to inform your respondents about their rights in your privacy policy. They have the right to request all personal data you have stored about them as well as a deletion of it. If they request it, you can delete their submission in your dashboard to respect their right of deletion. The data will be removed from our backups within 90 days.

This is usually done in a Privacy Policy you link to in the form.

Put into practice

You should add a checkbox field to your form to collect opt-in consent from your respondent. The checkbox can not be pre-checked. Make sure to add multiple checkboxes (with explanation), if you're planning to use the personal data for multiple actions. For example:

[ ] I understand that my information is stored according to the Privacy Policy (add link to your privacy policy)

[ ] I would like to receive the monthly newsletter

The seperation allows respondents to fill out your form without having to agree to receive marketing material.