GDPR MailForm

If you look for guidance on the web for your exact needs, you may find that you may need to add checkboxes for opt-ins to your email forms in order to gather people's consent for what you're doing with their information, including storing their email on your computer, your server if you use IMAP, etc. You may need separate explicit checkboxes for all permissions — email, email list, SMS contact, and sending them any group emails (like a newsletter), even if they won't be on an email "list" service, etc.

Legal Notice

This page does not constitute legal advice. Please discuss your specific needs for what you need to get permission for, how to word the permissions on your forms, etc. with your own lawyers. This is advice on how to set up forms using PmForm on PmWiki only, not what needs to be put in them, and is not legal advice. I'm a volunteer on this project, not a lawyer.

Here's an article that may help understand what I'm trying to do with the forms:

GDPR-compliant Forms

As I understand it, checkboxes need to be UNchecked and explicitly checked by the customer. What the article doesn't state is that you also need a record that they checked said boxes, and exactly what they agreed to. So your form can't send you the email unless they check that they're OK with you having the information they put in the email, and how you word it should be tracked as well in case you change it in the future, or there's any dispute over what they agreed to. And if there's anything else you may do with their information, you need explicit consent for each thing you might do with it (and track the wording for each permission).


The setup is the same as for the MailForm recipe, with some changes, below.

Making your mail form GDPR compliant

GDPR fields and "Require" checkbox

(:template defaults successpage='' :)
(:input pmform target={$$target} successpage={$$successpage} :)
(:input default request=1:)
||$[Your address]: ||(:input text from size=30:) ||
||$[Subject]:      ||(:input text subject size=30:) ||
(:input textarea text rows=8 cols=60:)

(:input checkbox GDPRemail "I give permission for you to store my information \
on your email server and computers that store email." "I give permission for you \
to store my information on your email server and computers that store email.":)

{$Captcha} (:input captcha:) \\
(:input submit name=post value='$[Send]':)
(:input end:)

The (:input pmform:) line specifies that this is a form to be handled by the PmForm module, and that it's to process the form according to whatever target was given by the (:pmform:) directive. Here, the form contains three fields to be filled in by the sender: the sender's address ("from"), the message subject ("subject"), and the text of the message itself ("text").

The "fmt=" option specifies the template to use for sending the email based on the inputs provided by the form. For example, the #mailform template that comes with PmForm contains:

(:template require from errmsg="$[Missing 'from' address]" :)
(:template require subject errmsg="$[Missing message subject]" :)
(:template require text errmsg="$[Message text required]" :) 
(:template require if="captcha" errmsg="$[Captcha required]" :)
(:template require GDPRemail errmsg="Your permission to receive and store your email is required.":)


GDPR Permission(s) Granted: 

Sent via PmForm at {$$PageUrl}


For GDPR compliance, make as many "Permissions" checkboxes as needed, but only require (the "template require" line) the one(s) needed to send you the email itself.

Make sure to copy exactly the language the user checked into the email that goes to you for tracking purposes of exactly what they agreed to give you permission to do. You need a record of this for legal purposes, so don't abbreviate the permissions — put the full text into the email sent to you. i.e. If you have more than one checkbox, make sure to send yourself the exact text agreed to for all checkboxes.

Recipe by XES September 05, 2018, at 02:38 PM

 0: 00.00 00.00 config start
 1: 00.00 00.00 config end
 2: 00.02 MarkupToHTML begin
 3: 00.03 ReadApprovedUrls SiteAdmin.ApprovedUrls begin
 4: 00.04 ReadApprovedUrls SiteAdmin.ApprovedUrls end
 5: 00.15 MarkupToHTML end
 6: 00.16 MarkupToHTML begin
 7: 00.17 MarkupToHTML end
 8: 00.17 MarkupToHTML begin
 9: 00.18 MarkupToHTML end
10: 00.18 now