ABOUT GDPR
GDPR is the comprehensive data protection and privacy regulation that was implemented by the European Union and applies since May, 2018. The regulation is an essential step to strengthen individuals' fundamental rights in the age of newly developed technologies.
The GDPR applies to organizations that process the personal data of residents in the EU, regardless of where the processing takes place. This means that the territorial scope of the GDPR is wide-ranging, the individuals and organizations outside the EU may also be subject to the GDPR if they process EU citizens' data.
After Brexit, the new regime for the UK is known as UK GDPR and the similar local requirements have been formed by UK data protection authority Information Commissioner's Office (ICO).
WHY GDPR IS IMPORTANT
To ensure that the protection of personal data remains a fundamental right for individuals within the EU, GDPR aimed to modernize outdated privacy laws. GDPR has the potential to impact any business that collects data on EU residents.
DATA STORAGE
You can store your data in the EU by enabling the appropriate option in the Data tab of your account settings. After confirmation, your form data will be moved to our European servers in Frankfurt, Germany, run by Google. Once the transfer is complete, you’ll be automatically redirected to eu.jotform.com upon login.
If you have further questions about how to store your data on EU servers, this guide will help you to find more information.
HOW TO CREATE FORMS THAT HELP YOU COMPLY WITH GDPR
With Jotform's drag-and-drop form builder, you can prepare your forms and gather personal data in a secure way. It is easy to create and customize your ideal form and send it as many times as you need.
For the documents that need to be signed such as consent forms and data processing agreements, Jotform Sign is a great option. You can securely gather signatures anytime, anywhere without the trouble of messy paperwork. Electronic signatures are highly secure because they typically use digital certificates and encryption to verify the signer’s identity.
Note that Jotform is not responsible for the content of your forms and compliance to any law or regulations including GDPR. While using forms, records, contracts or any documents with legal implications under GDPR, we recommend that you do your homework to ensure you are complying with GDPR and that you consult an attorney before relying on any particular form.
SIGN A DPA
Processing conducted by a processor on behalf of a controller must be governed by a written contract or other legal act. Jotform makes it easy for our customers to show that they use Jotform in a GDPR-compliant way. To make it convenient and easy, we provide a Data Processing Addendum (DPA), which is a self-serve and easy-to-execute document pre-signed by Jotform. It only requires an electronic signature from the user.
Once the DPA is filled out and submitted, it will automatically be sent to Jotform so we and our customers have a record that this important document was put in place. You can both fulfill your obligation to have a DPA and check over the terms and conditions of the processing.
The Jotform GDPR compliant DPA is available here.
Please note that GDPR is a legislative regulation and legal advice should be sought for all-purpose compliance. If you have further questions regarding Jotform’s GDPR compliance or related features please contact us via gdpr@jotform.com
