Task

Ensure forms are GDPR compliant

Category: Forms
Where: Canvas
When: Design

If you host websites that collect personal data from EU residents — e.g., via form submissions or third-party scripts — you have responsibilities as a "data controller." Take the time to understand your responsibilities as a data controller, and take steps to abide by the GDPR. This data protection self-assessment checklist can be helpful.

At Webflow, we subscribe our customers to mailing lists in 2 formats:

  1. When using subscription-only boxes, as seen in the hero section on our Webflow Community page or in the Merch Store’s footer, we explicitly state what a subscriber is signing up for. We honor this commitment in order to respect our community and avoid legal liabilities.
  2. When using forms for other purposes (like lead generation) that include a checkbox for other mailing lists, we use text to clearly explain what happens when someone checks the box. Be as specific as possible.

Checking for GDPR compliance

  • If you’re creating forms that request personal data in Webflow, clearly request consent, unless another lawful basis for processing applies
  • If you’re creating websites for clients who collect personal data on their websites, make sure clients understand their responsibilities as a controller of that personal data
  • If you’re using third-party tools (e.g., Zapier) to connect your Webflow forms to external data sources and are sending personal data using those integrations, review your responsibilities as a data controller
  • Don’t pre-check checkboxes
  • Do include a clear message explaining what someone’s subscribing to