GDPR Contact form compliance


(Martyn Coles) #1

As a newby hobby user of RW, GDPR seems confusing. I guess there will be lots of GDPR questions and appreciate there may only be a consensus of opinions.

My question is on a simple (non-commercial) website RW contact form, would this cover GDPR requirements?:

“Please note - Any information you supply here will only be used to contact you in response to the email created. No personal information will be passed onto third parties or used for any other purposes. By pressing the Submit button you accept this policy.”


(Rob Beattie) #2

Personally, I’d say that’s a succinct way of making it clear to people what’s going on when they submit a form to your site.

It might be worth adding something along the lines of explaining that the address will be stored in your email addressbook and that they can request it be removed from there at any time.

Rob


(Martyn Coles) #3

Thanks Rob, I done exactly as you suggested.

I wonder if RW 8 will have GDPR options built in even if it’s just a tick box on the contact page to allow the visitor to accept policies.


(Peter Danckwerts) #4

It’s worth pointing out that just getting permission once to store people’s contact details, etc. is not considered to be enough. There is an expectation that you will delete the data or ask permission again, although the frequency is not specified.

On the plus side, the OIC has told a society to which I belong that it does not need permission to hold members’ details because the society cannot function (and members cannot benefit) without this information.


(Barrie McDermid) #5

I have read varied reports on this. Existing Mailing lists can be considered exempt as it could be argued that folk have had several options to unsubscribe. Also the details only affect personal emails meaning business emails are treated differently).

Doubtless someone will be along to contradict me and therein lies the problem. There are lots of courses, lots of blogs and insufficient clarity from the folk implementing the laws.

How many sites still don’t have a cookie notice?

How many sites are still non compliant with the EU VAT laws?

I’m not saying I think the laws are a bad idea, but clarity is a huge problem.

Also, I think the Genie is already out of the bottle as far as our data is concerned.

IN answer to your question though, I’ve put a notice on my contact page. I seriously doubt the EU will be pursuing me any time soon if I’ve got it wrong, as I doubt I’m worth the effort.


(Joel Fletcher) #6

Because of this GDPR stuff, I decided to just ditch my contact form altogether. Instead, I offer my email address, but not in the form of text or a link. The email address is visible in a jpg picture, so robots can’t easily scrape my address. So if someone wants to contact me, they can use their own email software, and my website has nothing to do with the actual contacting. That should be a fully compliant technique I think.


(Joel Fletcher) #7

Another thing regarding contact forms, and indeed any form that collects user information, is that the code for these needs to be updated to be compliant. From what I understand, there has to be a checkbox that verifies that the user understands that their information will be stored. And the form cannot be filled out without checking that box first! That is kind of a turn-off though, and might make people rethink if they really want to use the form at all.

The point is, any vendors that sell forms for Rapidweaver should probably update them to be GDPR compliant.


(Will Woodgate) #8

I ditched contact forms a while ago because of the simple problem of users mistyping their email addresses. So I might spend ages composing a reply, only to get it bounced back again because the address did not exist! But contact forms are still valuable for other tasks. Instead of making your email address an image, have you tried obfuscation?

Then your email address is still easy for people to click on, but spam bots find it nearly impossible to see. This is still by-far one of the best anti-spam measures in my book. Used it for years and get virtually nothing through in the way of spam.

That’s interesting to hear, I’d not heard of that one before. I knew that the privacy policy had to make mention of contact forms and how long you store content for. But I did not know about actually ‘wiring’ a confirm checkbox into the form and getting consent.

Well I can easily update CompactForm to include that. Would it be handy if I wrote some Javascript code that could let you do something similar with the RapidWeaver contact form too?


(Joel Fletcher) #9

Hi Will. I did try obfuscation in the past, but heard that the method was being outwitted by some robots. Good to know it works for you, maybe I will try again.

Regarding the checkbox on forms, that is what was recommended on several sites when I was researching the matter. There is a lot of varying statements about compliance with the new law, so you should probably find out if that is really considered mandatory before writing any new code. But some people might want the option of that feature. However, personally I am avoiding forms on my site, as I don’t really need them.


(Will Woodgate) #10

Here’s a pure CSS solution for the RapidWeaver contact form (might work for other form addons too):

/* Default State */
input[type=submit] {
     display: none !important;
}

/* User Consented State */
input[type=checkbox]:checked ~ input[type=submit] {
     display: inline-block !important;
}

Copy and paste this CSS code into the Custom CSS box in the page inspector or your theme custom.css file.
No further modification needed.

I thought that as we’re in the mindset of trying to reduce dependencies on things like jQuery calls, a pure CSS solution might be ideal to try first!

This should hold-up fine in any browser newer than IE8. It assumes the contact form contains a single checkbox option. If the form already contains checkboxes, you might need to modify the code some more to target a specific checkbox or introduce some jQuery. It simply starts with the submit button hidden, then switches the button state to inline-block when the checkbox is checked.

Or try the premium-deluxe variant with loading animations on the submit button!

/* Default State */
input[type=submit] {
     opacity: 0;
     margin-top: 10px;
     transition: all 500ms ease-in;
}

/* User Consented State */
input[type=checkbox]:checked ~ input[type=submit] {
     opacity: 1.0;
     margin-top: 0;
}

Yes it probably would be possible for somebody to open the web inspector, view the source code, and by-pass this simple verification if they really wanted to. But I don’t honestly think that would be your problem to deal with. If you are demonstrating to the GDPR gods that you are asking for verification from the user, then that should be suffice.

Hope this helps you and anybody else. I will try to get something similar added to the CompactForm stack too.


(Rob Beattie) #11

I’ve just implemented this on an RW contact form and it’s much more elegant than what I was planning to do. Works great on mobile as well.

Many thanks Will!

Rob


(Martyn Coles) #12

I’m sure I’m missing something (story of my life) but, I’ve pasted this as instructed in the page inspector CSS and yes the submit button disappears, the problem is I get no check box.


(Rob Beattie) #13

You have to add a single checkbox yourself - just as you would normally in the settings for the page type.


(Martyn Coles) #14

Thanks Rob, that sorted it :grinning:

I have to say this is a simple solution to my OP. Thanks Will :+1:


(Rob Beattie) #15

Since @Doobox isn’t saying it here, Gary has just updated his excellent HTML Contact From stack to include an opt-in tick box for those of us wishing to take a stab at GDPR-compliance.

Makes an already good stack even better.

Rob


(Martyn Coles) #16

As a non coder, but willing to learn :wink: is there an easy way add a tool-tip or popup to the RW contact form so that when text (for example) “Email Policy” is hovered over with a mouse the actual email policy shows without sending the user to a new page?


(Rob Beattie) #17

Hi Martyn,

I’m not sure that would be such a good idea, especially on mobile devices. Why don’t you want to link to a separate page?

Rob


(Martyn Coles) #18

Rob,

I hadn’t considered mobiles in my thought process :roll_eyes:.

My concern is, if a visitor has already filled in the email form and clicks a link to read the policy on another page, what they had entered on the previous page may then be lost.

If there is no responsive solution I suppose I could just have the policy in the footer of the email page.

Martyn


(Rob Beattie) #19

Will’s bit of code - see earlier on in this thread - works well with the Contact Form. It forces visitors to ‘tick’ a box before it’ll display the Send button. Just copy and paste the code into the Custom CSS box in Settings.

Rob


(Martyn Coles) #20

Yes, I’ve already implemented Will’s code and it works well. Just before the tick box I have “I agree to the email policy”. It would be nice to afford the user easy sight of the policy before they tick the box.

Martyn