A step by step tutorial on how to make your Contact Form 7 GDPR Ready.
Follow the written steps below or the graphical steps on the right.
The data that is protected by the GDPRegulation is all information about an identified or identifiable person. This can be his name, address, e-mail, but also a cookie, photo or ip-address. When you can use the data to find out who the person is, it is personal data and therefor protected by the GDPR.
When you want to store this data you need to have demonstrable permission from the person to collect his data and he needs to have the ability to view his stored data, adapt, remove and transfer it. The plugin will take care of the capability to view, adapt, remove and transfer personal stored data. But you will need to make your forms compliant.
So how can you do this?
First you need to check wether you need the personal data or not. If not, simply don’t store it. This eliminates any question of GDPR compliance.
However the purpose of most forms is to collect personal data and you’re responsible for letting the user know what data will be stored, how, where and for what purpose. In order to do this you can follow these steps.
- To use the plugin you need to tell it which data you want to collect and which fields are personal data. The email and phone field are clear and will be stored as personal data. However name is created with a text field. In order to tell the plugin the text field collects a name, you need to update the ‘GDPR personal data type’ and in this case set it to name.
- To inform the user of the data you collect and ask for his consent you need text and a Checkbox field.
- Request consent in the Checkbox field and make it a required field
- Your Contact Form 7 is now GDPR Ready.
This setup prevents data from being submitted unless consent is explicitly granted.
DON’T FORGET TO ALWAYS ASK FOR EMAIL-ADDRESS! This is the unique identifier used by the plugin.