GDPR Compliance: How do I create GDPR compliant forms?
MightyForms can help you comply with consumer data protection rights, whether you are located in the European Union (EU) or do business there.
IMPORTANT: This article contains general information only and should not be treated as legal advice. We strongly recommend you consult directly with legal counsel to make sure your website complies with GDPR regulations and your specific use of MightyForms. Consult the official legal text here.
What is GDPR?
The General Data Protection Regulation (EU GDPR) has been in effect since May 25th, 2018. It applies to all companies that process personally identifiable information (PII) of EU citizens, regardless of whether the company is based in the EU.
Why is GDPR compliance important?
GDPR’s aim to modernize privacy and data protection requirements for businesses means that users now need to give clear consent for a business to collect their information. Businesses also need to be fully transparent as to why they need the users’ data and how they use it.
If a company or organization is not GDPR compliant, they may face fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater.
How do I create GDPR compliant forms?
When you create your online forms with MightyForms, you can rest assured that a big part of your compliance is done since all forms are encrypted by default. Under GDPR, MightyForms typically acts as a Data Processor, who acts on behalf of the Data Controller, a.k.a. you. As our customer, you have full control over how the data you collect is processed.
Basically, when you create an online form with MightyForms, you are responsible for the data you collect. So, if you are a respondent who submitted a form created with MightyForms and you want to request access to the answers you submitted, you have to contact the creator of that form.
How secure is my data with MightyForms?
MightyForms makes sure data is secure and only accessible to those with proper authorization by using end-to-end SSL data encryption and hosting it safely in Amazon Web Services (AWS). On top of that, all of our databases are AES-256 encrypted, we have strict access control policies, and we routinely check servers and the app for security bugs and breaches. Read more about MightyForms secure online forms.
Can I get a signed Data Processing Addendum (DPA)?
A signed DPA between your company and MightyForms is a convenient way to show that your use of MightyForms is GDPR-compliant. You can request a DPA from our team by starting a conversation through our Live Chat.