After the entry into force of the GDPR in May last year, there was uncertainty among some website operators regarding the integration of contact forms on the website. In principle, according to BayLDA chapter 8.4 page 55 ff, there is nothing to be said against integrating a contact form on the website if the following points are observed:
- It is important to know here that no consent of the user is required, as the data processing can be based on a weighing of interests. Here, the responsible party has a legitimate interest in answering the user’s inquiry.
- Another possibility is that the contact form is used by the user to obtain information about goods and services offered. In this case, processing for this purpose may be based on Art. 6(1)(b) GDPR – for the performance of a contract.
- Furthermore, consent is required as soon as special categories of personal data (e.g. health data) are processed.
- Another important point is to check which data is requested at all in the contact form. Are these mandatory fields or optional information? The principle of “as much as necessary, as little as possible” must be observed, i.e. the principle of data economy.
Further information: https://www.lda.bayern.de/media/baylda_report_08.pdf