When it comes to GDPR compliance for websites, making sure your contact forms are compliant is critical. Contact forms—essential for site-user interaction—collect personal data and must meet GDPR requirements. Here’s how to make sure they conform.
Contrary to popular belief, a privacy acceptance checkbox isn't always mandatory. If the form serves only to respond to user queries (with no marketing involved), a checkbox can be replaced with an informational sentence like:
"By submitting this form, I declare that I have read the privacy policy and authorize the Controller to respond to me as expressed in point a and b of the privacy policy."
This statement (with “privacy policy” linked) tells users that their data is processed only to fulfil their specific request. If you do not plan marketing (e.g. newsletters, SMS, WhatsApp, telemarketing) with the data collected, this solution is sufficient.
If you plan to use collected contacts for marketing, you must include an optional, not-preselected checkbox with this text:
"I give consent to receive promotional materials as stated in point c of the privacy policy."
Again, “privacy policy” should link to your full privacy statement.
For a hands-on guide to adding this checkbox, see this article.
To make marketing consent effective, make sure you enable point c in your site’s privacy policy under:
My Agile Privacy > list policy > personal data policy
and activate the marketing consent option there. This ensures point c is visible and active.
It’s important to keep a record of user consent. Regulations do not specify the required storage method; you can save each submission in your site’s database or retain the admin’s notification email.
Another key GDPR requirement for contact forms is handling Google reCAPTCHA. While useful against spam, reCAPTCHA sets cookies and performs fingerprinting, so it must be blocked until consent is granted.
However, blocking reCAPTCHA without notice may disable your form input unexpectedly. To avoid this, add this code near your contact form. It displays a warning if the reCAPTCHA cookie isn't accepted, and the warning disappears automatically once the user consents.
<div class="map_custom_notify map_api_key_google_recaptcha showConsentAgain" style="display: block;">
Warning: Your Cookie choices may not allow the form to be sent. Click here to review your preferences.
</div>
Here’s how the message will appear:
Want to show custom warning messages if cookies are not accepted? Follow the guide How to customise the My Agile Privacy cookie banner.
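To show the mechanism behind blocking reCAPTCHA until consent, here is an added example (not from the original article and not My Agile Privacy's code) of a generic consent gate: the reCAPTCHA script is injected only after consent, and a warning stays visible until then. The `hasConsent` callback and the selectors are hypothetical names you would wire to your own consent tool and markup.

```javascript
// Added example: a generic consent gate, not My Agile Privacy's own code.
// Assumptions: `doc` is the browser `document`; `hasConsent` is a hypothetical
// callback that returns true once the visitor has accepted the reCAPTCHA cookie;
// the two selectors are whatever your page uses.
const RECAPTCHA_SRC = "https://www.google.com/recaptcha/api.js";

function createRecaptchaGate({ doc, hasConsent, warningSelector, formSelector }) {
  let loaded = false; // the script is injected at most once

  function sync() {
    // Only an explicit `true` counts; undefined, null or "yes" keep it blocked.
    const allowed = hasConsent() === true;

    if (allowed && !loaded) {
      // Inject the third-party script only now, so it cannot set cookies
      // or fingerprint the browser before consent.
      const script = doc.createElement("script");
      script.src = RECAPTCHA_SRC;
      script.async = true;
      doc.head.appendChild(script);
      loaded = true;
    }

    // Tell the visitor why the form cannot be sent instead of failing silently.
    const warning = doc.querySelector(warningSelector);
    if (warning) warning.style.display = allowed ? "none" : "block";

    const submit = doc.querySelector(`${formSelector} [type="submit"]`);
    if (submit) submit.disabled = !allowed;

    // If consent is withdrawn after loading, the warning returns, but the
    // already-executed script stays in the page until the next reload.
    return { allowed, loaded };
  }

  return { sync };
}
```

In a browser, call `sync()` once on page load and again whenever your consent tool reports that the visitor changed their choice.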
Following these steps ensures your contact form is both functional and GDPR compliant.