How to make contact forms GDPR compliant

When it comes to GDPR compliance for websites, making sure your contact forms are compliant is critical. Contact forms—essential for site-user interaction—collect personal data and must meet GDPR requirements. Here’s how to make sure they conform.

Compliant Privacy Wording in Contact Forms

Contrary to popular belief, a privacy acceptance checkbox isn't always mandatory. If the form serves only to respond to user queries (with no marketing involved), a checkbox can be replaced with an informational sentence like:

"By submitting this form, I declare that I have read the privacy policy and authorize the Controller to respond to me as expressed in point a and b of the privacy policy."

This statement (with “privacy policy” linked) tells users that their data is processed only to fulfil their specific request. If you do not plan marketing (e.g. newsletters, SMS, WhatsApp, telemarketing) with the data collected, this solution is sufficient.
[Image: standard privacy policy on contact forms]

Adding a Checkbox for Marketing Consent

If you plan to use collected contacts for marketing, you must include an optional, not-preselected checkbox with this text:

"I give consent to receive promotional materials as stated in point c of the privacy policy."

Again, “privacy policy” should link to your full privacy statement.
[Image: checkbox for marketing consent in contact forms]

For a hands-on guide to adding this checkbox, see this article.

To make marketing consent effective, make sure you enable point c in your site’s privacy policy under:

My Agile Privacy > list policy > personal data policy

and activate the marketing consent option there. This ensures point c is visible and active.
[Image: settings to enable marketing consent in privacy policy]

Saving the Marketing Consent

It’s important to keep a record of user consent. Regulations do not specify the required storage method; you can save each submission in your site’s database or retain the admin’s notification email.

Managing Google ReCaptcha on GDPR-Compliant Forms

Another key GDPR requirement for contact forms is handling Google ReCaptcha. While useful against spam, ReCaptcha installs cookies and performs fingerprinting, so it must be blocked until consent is granted.

However, blocking ReCaptcha without notice may disable your form input unexpectedly. To avoid this, add this code near your contact form—it displays a warning if the ReCaptcha cookie isn’t accepted. The warning disappears automatically if the user consents.

<div class="map_custom_notify map_api_key_google_recaptcha showConsentAgain" style="display: block;">
    Warning: Your Cookie choices may not allow the form to be sent. Click here to review your preferences.
</div>

Here’s how the message will appear:
[Image: message notifying the user when the Google ReCaptcha cookie has not been accepted]

Want to show custom warning messages if cookies are not accepted? Follow the guide How to customise the My Agile Privacy cookie banner.

Following these steps ensures your contact form is both functional and GDPR compliant.

a Formula Agile SRL project