Add checkboxes to collect GDPR consent via opt-in forms

Add checkboxes to collect GDPR consent via opt-in forms
Nina De la Cruz
Nina De la Cruz 3 min read

If you want to make your website GDPR-compliant, one of the first steps is making sure you obtain explicit consent of a person before you collect and process their personal data. The easiest solution here is adding a checkbox to any form you use to collect personal information – thus making the form GDPR-compliant.

In the post below, we’ll show you how to create a GDPR consent form with Getsitecontrol and make your email capturing popups GDPR-friendly.

GDPR newsletter signup example by Getsitecontrol

Getsitecontrol allows you to add a custom consent message box just like the one illustrated above. When you make it mandatory to check, your website visitors will only be able to submit their details after they have confirmed they agree to your processing of their data.

If you’ve got familiar with the theory of GDPR, you already know that it focuses on personal data: the way it’s collected, the way it’s stored, and the way it’s processed. Any data that allows for identifying a person directly or indirectly is considered personal, including IP addresses, names, or emails. Thus, the rule applies to each case when your visitors submit their details through your website - whether it’s an email subscription form, a contact form, or an online survey.

Naturally, the materials below are for informational purposes only, and we won’t be able to provide any legal advice.

What we can definitely provide you with is a guide on creating a mighty good-looking email form with a mandatory checkbox, because this is what Getsitecontrol is great for. Everything else is on you. Although, of course, we assume you know that adding a consent checkbox to an opt-in form doesn’t make your website GDPR-compliant automatically. It’s just a step towards compliance under the new law, and there are a few other requirements you’ll need to meet.

How to obtain explicit consent via email opt-in forms

The popup in the illustration above is an email opt-in form by Your Guitar Academy. Right below the “Subscribe” button, there is a brief custom consent message with a box that must be checked by a user to complete the subscription.

Keep this example in mind because it contains every element an effective and a GDPR-friendly opt-in form should have:

  • Enticing copy and a call-to-action
  • An eye-catching creative
  • Name and the email address fields
  • Consent message with a mandatory checkbox

Here is how to add a similar one to your website in 5 easy steps

  1. Login to your Getsitecontrol account.
  2. Click Create widget and choose the solution you’re looking for: an email subscription form, a contact form, or a survey with email capture.
  3. On the Appearance tab, choose the colors and upload a creative – or select one from the gallery.
  4. On the Content tab, type the copy and place a call-to-action.
  5. Next, click Add field to form and select Flag. This will add a checkbox right above the CTA button. Type the consent message and make the box required.

Once you’re done, just save and activate the widget – it will instantly go live on a website. Don’t forget to connect the form to your email marketing software to start building the list right away.

The question you might still have in mind is whether there is a strict requirement about what to include to the consent message.

Just like with cookie consent banners, it’s essential to specify how exactly user data is going to be used and to require explicit consent from a user to such use from them. And if you sift through various websites, you’ll see dozens of consent copy variations. Below is one of them.

Mandatory consent checkbox on a subscription form

This is an example from NBS, a technology platform for the construction industry. When you try to download the latest report from their website, an email subscription form pops up with a detailed explanation on what else you should expect to receive in your inbox after filling out the form.

As you remember, according to the GDPR requirements, users must be able to provide their consent voluntarily. So, if the copy on your opt-in popup clearly invites people to become a part of an email list by providing an email address, a checkbox might be excessive because it would simply repeat the statement. Consider Business Insider France subscription popup that has no checkbox.

Business Insider France email signup example

Yet, if it’s a signup form (for account creation for instance), or a lead magnet offered in exchange for a subscription, an additional clarification, and a consent request might be needed. For instance, in both cases - the NBS and the Your Guitar Academy described above - the checkbox is mandatory, so the absence of consent will mean the inability to subscribe.

Tips for your marketing strategy