Create GDPR compliant forms without requiring user login

in RSForm!Pro on 20 Apr 2018 having 6
RSForm!Pro GDPR Compliant Forms

In one of our previous posts we provided an easy tutorial on how to implement the GDPR standards in your RSForm!Pro forms. One of the most common questions regarding our post was the possibility to achieve GDPR compliance without having the user create an account, login on your site. In this article we will provide the steps required for this scenario.

1. Quick recap

The GDPR standard is a new legislation that will come into effect in the near future, starting from the 25th of May and is tied to the user information you are collecting through your site. This aims to improve the privacy of each user and offer them full control over their own information on your site.

2. Aligning your form to GDPR

Since the GDPR standard is closely tied to the information you record on your users, one way to circumvent this is to not record any data at all and rely on the component specific emails in order to create a correspondence with your site users.

RSForm!Pro has a feature available that will allow you to not store any submissions data in your database. This is enabled from a simple configuration field available in each forms configuration, Form info - Save data to database, all you need to do is set this to NO and the form will not store any data regarding the user, thus your form will be GDPR compliant.

Although the information is not stored in your database, you can still use the data in the component specific emails (Admin, User and Additional emails). Based on the email used by the user in your form you will have two cases:

First case

The email is not part of the user personal information, this is the case of emails similar to office@domain.com or info@domain.com. Since the email does not refer to a particular individual from that company, it is not considered personal data. In this case you are not required to do anything.

Second case

The email is part of the user personal information, this is the case of emails such as john.doe@domain.com or jane.doe@domain.com. These type of emails specifically point to an individual from the company, thus you will need to remove this information from your inbox if requested. The best way to implement this is to explicitly describe to the user when the form is submitted that his information will be recorded in your inbox for the purpose of starting the correspondence and it can be easily removed upon request. When one of your previous submitting users requests for his email to be removed you will need to manually delete the emails from that particular address personally.

3. Wrapping things up

We hope that this helps shine some more light on the GDPR compliance and its standards. Let us know in the comment section below what you think regarding this implementation.



Subscribe to our blog

Found this article interesting? Subscribe to our blog for more.



Gravatar
Rachel - 04.05.2018 (09:00:54)
Auto deleting emails stored in website Db

I agree that a badly needed feature is the option to automatically delete submissions after x amount of days - with an option to set this to 1 month, 2 months, 6 months, 1 year. This is greatly needed

Quote
1

Gravatar
Catalin Teodorescu - 27.04.2018 (04:23:30)

Quote :
Having the submitted emails stored in RS Form Pro is handy.
But it would be very handy to implement a feature in RS Form that allows you to store this data for a set number of days.
Some sort of auto delete/purge after x number of days.

Hello Andrew,

We have this option on our to-do list :) Stay tuned, we will write on our Blog section about this.

Quote
2

Gravatar
Catalin Teodorescu - 27.04.2018 (04:22:49)

Quote :
Dear RSjoomla Team,
Please do the following ASAP:
1. Integrate the possibility to delete single submissions from the database WITHOUT logging in. How? Do it like a unsubscribe process maybe (user know already how this works). Each submission gets a unique long ID and the user gets a deletion link in the formula sent email. After clicking on the link the user has to confirm the deletion by eg. entering his full email adress.



This functionality has been implemented on RSForm!Pro ( Please read our first post: https://www.rsjoomla.com/blog/view/433-create-gdpr-compliant-forms-in-joomla-with-rsformpro.html )

Quote
3

Gravatar
andrew connell - 26.04.2018 (05:54:17)
Auto deleting emails stored in website Db

Having the submitted emails stored in RS Form Pro is handy.
AFAIK GDPR, doesn't stop you from storing these in the website's database, assuming you cover this in your T&C's, privacy policies, etc.

But it would be very handy to implement a feature in RS Form that allows you to store this data for a set number of days.
Some sort of auto delete/purge after x number of days.

Peter Martin has written a handy CLI script to remove all data older than 1 month: https://gist.github.com/pe7er/47bf1020b12ef29df8603fa80d1fdccd
(Technical info: This script can run automatically if it is added as cron tab on your server)
But I think it would be handy to have this as a feature of RS Form pro

Quote
2

Gravatar
Customer - 26.04.2018 (03:01:12)
Please Act!

Dear RSjoomla Team,

you are making it to easy for yourselves. One major feature of this plugin is to have the possibily to store the data in a database (and export it to excel for example).

Please do the following ASAP:
1. Integrate the possibility to delete single submissions from the database WITHOUT logging in. How? Do it like a unsubscribe process maybe (user know already how this works). Each submission gets a unique long ID and the user gets a deletion link in the formula sent email. After clicking on the link the user has to confirm the deletion by eg. entering his full email adress.
2. Make it possible to ENCRYPT data in the database (maybe AES Encrypt for fields which can be marked as "Personal Data".

Please do it until May 25th. That would make me and other users very happy - and keep us continue to subscribe.

Regards,
A Customer

Quote
0

Gravatar
Brian - 24.04.2018 (05:23:47)
About your blog article \"Create GDPR compliant forms without requiring user login\"

Hello,

Thank you again for providing some helpful insights, ideas, and feedback, relating to the forthcoming GDPR changes that occupying our minds more and more as May 25th 2018 draws near.

Referring to your "First Case" sub-heading above, relating to when users use more generic email addresses like office@domain.com or info@domain.com, I suspect though that if a user includes in their email message information that can identify them personally - such as a full name, postal address, etc., then the GDPR conditions will still automatically come into play.

Though, like most others, I'm not sure about that. No doubt we will all learn more about a month after May 25, 2018.

Quote
-1

1000 Characters left