As of May 25, General Data Protection Regulation (GDPR) will come into effect.

This new data protection law affects any organization local or international that collects, stores, modifies and likewise processes personally identifiable information (PII) of EU citizens.

For breaching GDPR in any of its segments, companies worldwide are going to face serious fines — up to €20,000,000 or 4% of their annual turnover, whichever of the two is greater. Reason enough for all of us to make it a top business priority in the following month.

Personally identifiable information (PII) is defined as the information that represents and identifies an individual on the Internet. These information include but are not limited to:

All these information are usually collected through online forms like signup, subscription, feedback, registration, application, and payment forms.

During more than a decade of EmailMeForm, we have always supported our users, ensuring that the forms they make and the data they collect are secure and adhere to our Terms of Service, anti-spam, anti-spoof, and other rules of proper conduct on the web. GDRP, however, requires much more than that.

What is EmailMeForm doing to prepare for GDPR

Privacy and safety of the data that gets collected, stored, and processed through our system has always been our top concern. Our team will continue supporting your safe operations while giving you even more control over your data.

As your form provider and data processor, EmailMeForm is making sure that we on our side are ready for GDPR and our system is all set to help you become compliant.

For the sake of clarity, GDPR is introducing these three types of entities in the data processing cycle:

Data processor - orgs and apps through which personal data collection and processing are made available to data controllers (EmailMeform)

Data controller - orgs that collect personal data from their customers (you)

Data subject - a person whose data is being collected and processed (your customers)

EmailMeForm can be seen as mainly your data processor. However, since we also use other platforms to outsource some of our data operations — we become a data controller in respect to those platforms.

Therefore, we are making sure that the vendors we work with are GDPR compliant and sensitive about keeping your personal data safe.

As most of our users fall into the data controller category, we would like to give you a heads up about the steps you need to take yourself to make your forms adhere to the GDPR rules.

In this article we’ve explained how to achieve this for your forms.

Both data processors and data controllers are legally liable for data breaches. Hence, it is in our best interest to get this right together and we need to do it fast.

Now, let’s see what EmailMeForm has done and is still doing to achieve GDPR compliance for our platform:

We’re making sure that the data you collect and store via your EmailMeForms are encrypted while in transit and at rest.

Tracking and pinpointing the areas we need to work on in relation to GDPR, making a GDPR impact assessment, and devising a strategy for product and team development.

We have appointed a Data Protection Officer (DPO) to spearhead our GDPR implementation strategy.

Our team is reviewing our internal processes making sure that only specific employees are granted the access to user data when their job roles require the access. These employees have received a special training to understand how to properly keep information secure and they are logged for what they access to ensure the safety of the data. This means that our customer information is only available on a “need-to-know” basis by EmailMeForm employees.

All team members have adopted multi-factor authentication (MFA) for the accounts they use to access and process customer data. We suggest that you do this too, for all your accounts.

We are building a GDPR-focused operations team that will be available to our users and employees to help them stay compliant with GDPR.

For your convenience, our marketing team has prepared guides to educate you on the existing EmailMeForm features that can be used to make your forms compatible. Here is a hint on those:

Our engineers are developing new platform features to make GDPR compliance easier for you (maintenance of personal data records and processing activities). We will post about new features as they are built and ready for you to use.

Additionally, we are constantly dedicated to security monitoring and server checks.

Our DPO is double checking our data processors that we use for marketing, SEO, customer support and other internal operations, making sure that their platforms and processes comply with GDPR principles.

In legal terms, we are updating our Data Retention Policy, Privacy Policy, and Terms of Service, to expand your control over the data you store with us and provide additional information about how we handle your data.

We are doing the best we can to ensure that we are compliant and to help you become compliant in time as well.

Additionally, you can check this overview of key terms and features that will help you unlock the EU General Data Protection Regulation.

To seek more information or ask for assistance in your GDPR efforts, please get in touch with our compliance team at


Author Jovana Milankovic

Jovana Milankovic

Jovana is a content creator and marketing manager at EmailMeForm. Her job is to curate our software to the world and make it more human for our users.

Actionable data insights create new revenue opportunities, increase efficiency, and cut costs, but many executives still operate on gut instinct.

Creating business value from big data

GDPR Explained: the Basics

Demand for cybersecurity professionals rises as the industry fails to keep up with growing risk.

Cybersecurity Workforce Shortage

As education transitioned into the digital age, schools have an increased responsibility to safeguard their students’ data.

Schools’ digital responsibility to ensure student data privacy

More blog posts