GDPR /RGPD (Portugal) Forms friendly

Good Morning

After spending Friday in a long day of training about GDPR, there are some changes that I have to make at some customer sites.

So I’m asking for your help in forms:
Now they may only be submitted if the user chooses to accept the terms and conditions, and additionally accepts that the form contains personal information and that we will use the information only for the purpose that the form asks for.

Is there any way to add one or more mandatory validation boxes, so that if they do not validate the box they cannot submit the form?

Thank you

Unfortunately, the checkbox option is one of the only form fields in Blocs that cannot be set to required. If it could, you would just add a checkbox and make it required. This way, if it isn’t checked, the form won’t submit. Hopefully, the developers will add this small function in the near future, but for the time being, it isn’t there. A temporary workaround would be to open the HTML file of the form page after export, and add the “required” attribute to the checkbox field manually.

1 Like
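The manual workaround described in the post above can be scripted. The following is an added example, not code from the thread or from Blocs: it adds `required` to one consent checkbox in an exported HTML string and drops any pre-checked state, which later posts in the thread point out is not acceptable for consent. The function names and the `consent` id are assumptions, and the sample markup is constructed.

```javascript
// Added example: post-export patch for a consent checkbox.
// Limitation: assumes no ">" appears inside an attribute value.
// ATTR matches one attribute: a name, optionally followed by a quoted or bare value.
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;

// Split an <input ...> tag into its attributes, keeping the original text of each.
function parseAttrs(tag) {
  const inner = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  return [...inner.matchAll(ATTR)].map((m) => ({
    name: m[1].toLowerCase(),
    value: m[2] === undefined ? null : m[2].replace(/^["']|["']$/g, ""),
    raw: m[0],
  }));
}

// checkboxId is an assumption: the id given to the consent checkbox in the form.
function hardenConsentCheckbox(html, checkboxId) {
  let patched = 0;
  const out = html.replace(/<input\b[^>]*>/gi, (tag) => {
    const attrs = parseAttrs(tag);
    const get = (n) => (attrs.find((a) => a.name === n) || {}).value;
    const isTarget =
      (get("type") || "").toLowerCase() === "checkbox" && get("id") === checkboxId;
    if (!isTarget) return tag; // leave every other field untouched
    // Drop "checked" (no pre-ticked consent) and any old "required", then re-add it once.
    const kept = attrs
      .filter((a) => a.name !== "checked" && a.name !== "required")
      .map((a) => a.raw);
    patched += 1;
    return "<input " + kept.join(" ") + " required>";
  });
  return { html: out, patched };
}

// Constructed sample of exported form markup.
const SAMPLE_EXPORT = [
  '<input type="text" id="name" name="name" required>',
  '<input class="is checked" type="checkbox" id="consent" name="consent" checked="checked" />',
  '<input type="checkbox" id="newsletter" checked>',
].join("\n");

console.log(hardenConsentCheckbox(SAMPLE_EXPORT, "consent").html);
```
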

@Norm, me too, I would be very happy if you could add this in the next release.

1 Like

The changes with GDPR are really causing headaches, but I wonder if we are making life too difficult for ourselves in many cases, since I gather it mainly relates to large companies with over 250 employees. In terms of web design do we really have to jump through all these hoops when building websites for companies with half a dozen employees at most? Is every individual out there expected to rebuild their sites just in case somebody sends them an email?

I think we may be reading too much into the regulations. For most website owners, there is very little to worry about. Clearly, if someone sends you an email, even via an online form, they are expecting the site owner to respond in some way or another. What is important is what you do after receiving a form enquiry. If the intention is to store the enquirer’s data for future marketing of goods and services, then you may well have to be aware of the regulations and ensure you don’t breach them.

The simple solution is to respond to enquiries in relation to the initial enquiry and if that leads to a continuing exchange of emails, then so be it - no-one is going to be prosecuted for this type of activity. However, if you suddenly decide you want to send unsolicited offers to enquirers, or to sell their contact information to others, then you must take appropriate steps to ensure compliance with regulations. The easiest option is to simply ask respondents if they wish to receive occasional offers or marketing material periodically. This can be done in an actual email response.

If the idea of a form on a website is to get people to sign up to a mailing list, simply say so on the form. If people then respond, they have consented to become part of your mail list. The only thing you then have to do is give people an opt-out link on every mail you send them.

The legislation is really intended for the big companies who sell data to third parties. It’s not intended for the average website owner who may wish to give potential clients a simple method of making contact or submitting enquiries to the site.

1 Like

@hendon52 I agree entirely. I have a client emailing me non stop about GDPR and she is a one person business selling digital downloads. Sales go through a billing company, so she basically has no personal data from customers.

She now wants to update the site with masses of legal wording pointing to privacy pages on facebook, twitter and all sorts. Then she wants to contact everybody she’s ever emailed to explain why she still has their email address and whether they consent to her keeping that data, along with the prior correspondence. She’s not alone and all of this is taking up hours of my time.

It’s better than a joint lawsuit including you…:wink:

It looks like the internet is about to become a very dull place, not least because no two people will agree on what is compliant. I can already see lots of web designers saying they are worried about using Google fonts and want everything to be self-hosted, which isn’t currently possible with Blocs I believe.

Strangely enough, I bet all our details in the Who-Is database, including name, address, email and phone number will still be visible after May 25th, even though we haven’t consented to it.

You sure have that right. At my hosting company everything you might want private is an extra charge. I think the whole concept of “empirical evidence” or “facts” has become clouded.
I try my best to test out or read testing from others that has been performed and how, (my background in statistical qualitative-quantitative analysis), before stating things as fact.
The whole technology thing is a fast moving target. For example not related to your post but the “keyword meta tag” was deprecated years ago. It serves no purpose whatsoever contrary to the thousands of posts that instruct you to place your important keywords in the “keywords” meta tag.
Because I personally knew, over the last 18 years or so, the Vice Presidents of Search at Google, I had first-hand information from the source. It’s been posted by Google themselves numerous times since then. But people still choose to use it. And yes, stuffing that little keywords tag can hurt you.
The more important two tags are the meta name Title and description tags. The Title tag is just called Title now. How’s that for off subject sorry. :slight_smile:

I gave up using keywords years ago, knowing that Google completely ignores them and I believe Bing treats them as spam indicators.

What I don’t like here is that clients are potentially going to hold web designers accountable for their own errors if they do something in breach of GDPR and we are now being held to the same standard as international technology lawyers when building a website, which seems wholly unreasonable.

Perhaps it’s just down to this one client who has shredded my nerves here, but I don’t think anybody signed up to be a legal consultant when they started building websites. I’m glad I didn’t go down the reseller hosting route, because that opens a whole other can of worms.

I agree with you! I never (okay one client) bill for hosting. You can be held responsible for just about anything a client may rightfully so feel you let them down on. I know many agencies have in their contract a clause about not being responsible for changes in technology, hacks, lawsuits etc.

“not being responsible for changes in technology, hacks, lawsuits etc.”

That will be on my terms & conditions page inside 10 minutes :rofl:

1 Like

Thank you for your answers, which I appreciate, but in Portugal there are some GDPR laws exclusive to Portugal, and the 250-employee threshold does not apply: every single company that invoices individuals and not companies has to be GDPR “friendly”. So every website that keeps personal information, via forms or contacts or some other way, has to “explain”, before the send button is clicked, where the information goes and what we can and cannot do with that information. But I know that these terms do not apply in every country. So, returning to my initial question, @hendon52 can you please explain how to make a checkbox item “required”? Many thanks in advance to all…

1 Like

This is the crazy part in all of this and it was the same with the Cookie law, then later with EU VAT. In theory it’s one law across the whole EU, but then it gets treated differently by every country… Presumably if I had a client in Portugal I would also have to comply with the Portuguese interpretation of the law.

And there is more: if you are a German or Spanish company/website and you have a Portuguese client, the German or Spanish company has to comply with the Portuguese law.

Example: Facebook said that they will change their servers from EU to USA, but the regulation has that covered. Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR.

It’s already added in the latest Blocs 2.5.3 beta.

1 Like

I think this interpretation of the EU directive is getting a little “over the top”. The directive, which is not a binding legislative act, is designed to protect the interests of people who may provide information to websites which could personally identify the individual. Furthermore, it only applies to websites who SYSTEMATICALLY intend to process or monitor that data on a large scale. For most website owners, this is not the case. For website owners who have the INTENT of gathering and processing such information on a large scale, it is for THEM to seek proper legal advice on how to deal with the issue. This will involve them in disclosing to legal counsel the type and scale of information they intend collecting, and how that information may be processed, stored or made available to third parties. It is not the responsibility of a contracted website developer/designer to ensure compliance with any applicable regulations, in much the same way as it isn’t the responsibility of a Graphic Designer to ensure that their client’s printed material meets with the requirements of advertising standards regulations.

The directive as it stands only requires a user to provide “explicit” consent if the data collected is sensitive, personal data. Explicit consent is given by a specific “opt-in” declaration on your forms. For non-sensitive information which is not intended for processing or distribution to others, a simple “unambiguous” consent is all that is required. This can be in the form of simply submitting a form to the website owner with the intention of getting a response of some sort or another. Ultimately, it’s all down to what your form is being submitted for, and what you intend to do with the submitted data once you receive it.

You should also be aware that simple checkboxes alone will not suffice where you need explicit consent. It must be accompanied by a statement on the form of what exactly people are consenting to. As such, a pre-checked tick box may put you in breach of the regulations.

If the intent of the website owner is to collect, process and possibly utilise information submitted for reasons other than responding to a product or service enquiry, then they must state clearly and in unambiguous terms what the intent is. By doing this, site visitors can choose to submit the form, or not. Where specific intent is important, it may even be better to have two submit buttons. One which gives explicit consent to use the data submitted, and one where consent for anything other than a response is denied. In either case, the response to the enquirer should reiterate what the visitor has consented to and to give them the option of having their data, including their email address, removed from the website contact database.

As for Portugal, they have not yet implemented any specific national regulations regarding the GDPR adjustment laws. In fact, the only country to implement specific national law is Germany. Most other EU member states are still in draft bill stage.

1 Like

Thank you very much :slight_smile:

1 Like

Just so you know, the GDPR insists that you can’t auto-check boxes; that’s part of the rule.

Hello @Norm, when you said “already added” I looked for it in the beta, but I only see the attribute “Selected”, not the attribute “required”. Is it me who is not looking in the right place, or did I explain myself badly?