How to create a GDPR compliant form

At Tally, we're committed to protecting the privacy of our customers and form respondents. We encourage all form creators to understand if GDPR compliance is required and ensure respondent data is handled with care. Learn how you can create forms that effectively collect respondent consent.
 
Know that this page does not serve as legal advice. Always make sure to determine together with your legal advisor how GDPR applies to your business.
Know that this page does not serve as legal advice. Always make sure to determine together with your legal advisor how GDPR applies to your business.
 


 

What is GDPR?

General Data Protection Regulation (GDPR) is a European law governing the processing of personal information of people located in the European Economic Area (EEA GDPR) and the United Kingdom (the UK GDPR). This means if you collect, use, transfer, store, or otherwise process the personal data of individuals in these areas, you need to follow the GDPR guidelines.
If you create Tally forms for personal use, you might not need to follow GDPR guidelines, and some smaller businesses may be exempt, too. However, it’s a good idea to check the GDPR website to see if the law applies to you.
 
If your business operates outside of Europe, you may still need to comply with GDPR if you collect data (such as website visitor information) from people within the EEA and the UK. Read more about it here or consult with a legal advisor.
If your business operates outside of Europe, you may still need to comply with GDPR if you collect data (such as website visitor information) from people within the EEA and the UK. Read more about it here or consult with a legal advisor.
 

Creating a GDPR-compliant form

We've taken the necessary actions to be GDPR compliant and bundled frequently asked questions about Tally & GDPR here. Make sure to take a look and get informed on your rights and duties as a form creator.
Below are several factors you should consider when collecting personal information (name, email, phone, etc.) with your form.

How to collect consent

Collecting consent from your respondents is a critical requirement for GDPR compliance. Your respondents should freely give their consent, and it should be specific, informed, and obvious.
You must also clarify why you are collecting personal information, how you will use it, and whether you will share it with third parties. Respondents can’t be forced into consent and must be aware that they are giving permission to use their data.
 
To collect consent in a Tally form:
  • Add a checkbox field to collect opt-in consent from your respondents. The checkbox must be empty. Add several checkboxes with accompanying explanation, if you plan on using the personal data for multiple actions.
  • Add a text block to explain how you’re going to use the information your respondents share with you and link to your privacy policy for more information about how you handle their data.
 
notion image
You can use this free Tally form template to get started.
You can use this free Tally form template to get started.
 

Data control and deletion

Under GDPR law, respondents have the right to access their personal data or to request that it be removed. Inform them and provide them with a way to do so. This can be as simple as sharing an email address that respondents can send their request to.
You can delete or export every single individual survey response from your account if a respondent asks you to do so. We honour all deletions from an account, and all account data which has been deleted by you is permanently deleted from our back-ups within 90 days.