If you host websites that collect personal data from EU residents (e.g., via form submissions or third-party scripts), you have responsibilities as a "data controller." Take the time to understand those responsibilities, and take steps to abide by the GDPR. This data protection self-assessment checklist can be helpful.
At Webflow, we subscribe our customers to mailing lists in 2 formats:
- When using subscription-only boxes, as seen in the hero section on our Webflow Community page or in the Merch Store’s footer, we explicitly state what a subscriber is signing up for. We honor this commitment in order to respect our community and avoid legal liabilities.
- When using forms for other purposes (like lead generation) that include a checkbox for other mailing lists, we use text to clearly explain what happens when someone checks the box. Be as specific as possible.
Checking for GDPR compliance
- If you’re creating forms that request personal data in Webflow, clearly request consent, unless another lawful basis for processing applies
- If you’re creating websites for clients who collect personal data on their websites, make sure clients understand their responsibilities as a controller of that personal data
- If you’re using third-party tools (e.g., Zapier) to connect your Webflow forms to external data sources and are sending personal data using those integrations, review your responsibilities as a data controller
- Don’t pre-check checkboxes
- Do include a clear message explaining what someone’s subscribing to