
Contact forms GDPR 2020: What needs to be done on your website?

updated on February 19, 2025
Author: Joachim Lackner

Owner & Managing Director of ithelps Digital. Since 2013, he has been deeply engaged in SEO and online marketing.

The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, serves to protect personal data. Many websites offer the option of contacting the site operator via a contact form. This involves the exchange of personal data. In this blog article, we therefore address the issue of contact forms on websites in relation to data protection law.


As a search engine optimisation agency in Vienna, we see it as our task not only to ensure top rankings, but also to advise our customers on data security. After our first article on how to integrate YouTube videos into your website in compliance with the GDPR, this time we will be discussing another important topic relating to the new EU data protection regulations - the contact form and the GDPR.


GDPR for contact forms - understanding the problem:

When you fill out a contact form on a website today and press send, the following technically happens:

  • The website contacts the email service and wants to send the message.
  • This email service sends the message to the recipient (website owner).

Servers save all activities and data in a so-called log. Now let's think about where the data you enter is stored:

  • The website host has your data in its server log (e.g. A1.net, World4you, etc.)
  • The e-mail service for sending messages (e.g. Office 365, World4you Mail, etc.)
  • The e-mail service for receiving the message (e.g. Office 365, Gmail, GMX, etc.)

As a person, you do not know what happens to your data afterwards. Will you receive newsletters afterwards? Will your data be sold on? Until now, this was possible - at least in theory.

The General Data Protection Regulation addresses this problem.

GDPR solution for contact forms

The solution is relatively simple. You must implement the following points with regard to the General Data Protection Regulation for contact forms:

  1. Your website must have an SSL certificate (HTTPS)
  2. Your website must send emails via SMTP over an encrypted (TLS) connection
  3. Include a privacy policy
  4. Add a note to your contact forms:
    1. What you will do with the data
    2. How long you will store the data
    3. Refer to your privacy policy
  5. You need data processing agreements with your host, email marketing service, etc. (Anyone involved in the processing of personal data)


Instructions & helpful information for GDPR-compliant contact forms

Step 1: The first step is to ensure that your website is SSL-encrypted, i.e. get an SSL certificate. We have already prepared two instructions for this:

Step 2: Emails must be sent via TLS "Transport Layer Security". Ask your IT advisor, your email provider or preferably your web administrator about this. This is a very technical topic.

You need an email server, username and password. Here is an example for a better understanding:

On our own website, the contact forms are sent to a mailbox of ours (the address is not shown here). The outgoing server is smtp.office365.com with port 587.

You therefore need the following data:

  • Outgoing e-mail server + port
  • Username (e-mail address)
  • Password

Once you have received this data, you need to configure it on your website.
With Joomla you can do the configuration directly in the system. To do this, go to System/Configuration and open the Mailing tab. Here is the configuration at ithelps.at:

(Screenshot: Joomla mail settings with TLS enabled at ithelps.at)


For WordPress you need a plugin called WP Mail SMTP. We have separate instructions for WordPress.
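To make Step 2 concrete, here is an added example (not the article's or any CMS plugin's own code) of a minimal form-mail sender in Python. It uses the smtp.office365.com / port 587 values from the article; the mailbox, recipient and visitor data are constructed. The point is to fail closed: no login and no form data leave the server unless STARTTLS was negotiated with a verified certificate.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Server and port are the values named in the article; the rest is constructed.
SMTP_HOST = "smtp.office365.com"
SMTP_PORT = 587  # submission port: plain connect first, then STARTTLS


def strict_tls_context() -> ssl.SSLContext:
    """TLS 1.2 or newer, certificate and hostname verification required."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_message(visitor_name, visitor_addr, text, mailbox_user, recipient) -> EmailMessage:
    """Turn a form submission into a mail sent FROM the authenticated mailbox.

    The visitor's address goes into Reply-To only, so From always matches the
    account we log in with (Office 365 rejects mismatched senders anyway).
    """
    msg = EmailMessage()
    msg["From"] = mailbox_user
    msg["To"] = recipient
    msg["Reply-To"] = f"{visitor_name} <{visitor_addr}>"
    msg["Subject"] = "Website contact form"
    msg.set_content(text)
    return msg


def send_over_tls(msg, user, password, host=SMTP_HOST, port=SMTP_PORT,
                  smtp_cls=smtplib.SMTP) -> bool:
    """Deliver msg via SMTP submission, refusing to proceed without STARTTLS.

    smtp_cls is injectable so the logic can be exercised without a network.
    """
    with smtp_cls(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Stop here: otherwise password and personal data would cross the wire in plaintext.
            raise RuntimeError("SMTP server offers no STARTTLS; refusing to send")
        smtp.starttls(context=strict_tls_context())
        smtp.ehlo()  # re-read capabilities; they may differ inside the TLS session
        smtp.login(user, password)
        smtp.send_message(msg)
    return True
```

Against a real server the call is `send_over_tls(build_message(...), "forms@example.org", "<password>")`; with credentials kept out of the web root.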

Step 3: Every website must have a privacy policy. Copy our privacy policy template here and add it to your website. Yes, you can copy this 1:1. The basis is the privacy policy of the Chamber of Commerce, with small additions.

Step 4: Write the following sentence below your contact forms:

"The data sent will only be processed for the purpose of dealing with your enquiry. Further information can be found in our privacy policy (link to your privacy policy)".

Step 5: Draw up a contract with your hoster and email provider. You must conclude a contract with all these companies. You can find a sample contract from the Austrian Federal Economic Chamber here.

Note: Many hosters are still in the process of creating ways to handle these contracts with thousands of customers. It is best to get in touch with your hoster.

Add these providers to your data processing directory. You can find more information here.



Was that all for the GDPR-compliant website?

No. But at least an important part of it. Check the blog section of our website regularly. We will soon be providing a complete GDPR checklist.

Further information:

Shopify GDPR-compliant - so you're on the safe side


Any questions?

If you have any further questions on the topic or would like professional support, feel free to get in touch with us. Send an email to office@ithelps-digital.com, call us at +43 1 353 2 353, or reach out to us via our contact page.
