Jotform is compliant with the GDPR (General Data Protection Regulation) (and the UK version of the GDPR). The GDPR is now the standard for consumer data protection rights, and Jotform templates help you comply with these new data protection standards.
If you collect, gather, or use personally-identifying data of natural persons in the EU or UK you must comply with these stricter customer data protection rules. Learn more about Jotform’s compliance and how GDPR affects your organization.
In May 2018, the GDPR replaced the Data Protection Directive, which had been in effect across the European Union (EU) since 1995. The goal of GDPR is to ensure greater protection for the personal information of EU residents. The same is true of the UK version of the GDPR, as it affects its residents.
To ensure that the protection of personal data remains a fundamental right for persons within the EU,GDPR aimed to modernize outdated privacy laws. GDPR has the potential to impact any business that collects data on EU residents.
If organizations are not GDPR compliant, they can face significant fines of up to €20,000,000 or 4% of global annual turnover/revenues.
Jotform is committed to complying with the GDPR and UK GDPR, in addition to the privacy laws of other countries and regions, and to protecting the personal data of people everywhere. We also want to make it easy for our customers to use their forms in compliance with the GDPR.
By using Jotform, our customers will typically act as the data controller for any personal data made available to Jotform in connection with their use of Jotform’s services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller.
The Jotform Data Processing Addendum, which incorporates the Standard Contractual Clauses set forth by the EU authorities (as they update them from time to time) sets forth your responsibilities as a Data Controller, as well as Jotform as the Data Processor. Jotform utilizes a small list of Subprocessors. The current list is available here. The DPA is designed to ensure the compliant transfer of personal data outside the EU.
Jotform makes it easy for our users to show that they use Jotform in a GDPR-compliant way. To make it convenient and easy, we provide a Data Processing Addendum (DPA), which is a self-serve and easy-to-execute document pre-signed by Jotform. It only requires an electronic signature from the user.
Once the DPA is filled out and submitted, it will automatically be sent to Jotform so we and our customers have a record that this important document was put in place. You can provide the DPA to auditors to show that you use Jotform in a way that demonstrates that you are handling personal data in a manner that meets your GDPR compliance obligation.
The Jotform GDPR compliant DPA is available here.
Please send questions to firstname.lastname@example.org