While researching the implications of GDPR on our client websites we came across some mixed messages when looking into the use of online forms and how the process of submitting data via a simple form is affected.
Most of the information we found talks about ensuring the website runs under https so that data is encrypted in transit between the visitor's browser and the web server - yes, that makes sense. There is also advice on ensuring privacy notices and opt-ins are clearly highlighted - yes, that's clear. The next recommendation was that no data from the form is stored in the website database, removing the risk of a breach of stored personal data - also sensible: if it isn't there, it can't be stolen from there. However, one weakness in the security of online forms was missing from all of this - the unencrypted email the website sends to the recipient, which carries the submitted personal data in plain text through whatever mail servers sit between the website and the recipient's inbox.
Solving this raises issues for data controllers and data processors, as the solutions add a layer of complexity to the compliance process and to who is liable for what.
The GDPR consultant assisting us with our own compliance suggested a solution. If a form is essential to collect data, then the following process should be considered:
- Ensure the site is running under the https protocol
- On form submission the submitted data is NOT sent via email to the recipient(s) but is stored in the website database
- A notification is sent by email to the recipient(s) to let them know that a form has been submitted; the notification contains no submitted data, only a reference to the submission
- The recipient must then log in to the website admin pages to view the data under https
- The form content can then be printed or downloaded, but crucially is never sent via unencrypted email
This adds an additional admin overhead to each form submitted for the recipient(s).
It also raises questions regarding the stored data in the database, as the ICO says the data should be stored in an encrypted form - which in practice means encrypting the submission before it is written, with the key held by the application rather than in the database itself. It also means that the company responsible for management of the website, as the data processor, takes responsibility for the stored data, which will probably lead to increased fees for hosting and management.
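To make the process above concrete, here is an added example (not code from the original article or from any particular CMS) of a form handler built that way: the submission is encrypted with AES-256-GCM under a server-held key before it is stored, the record ID is bound into the ciphertext as additional authenticated data so a stored record cannot be swapped or tampered with unnoticed, the notification email carries only the ID and timestamp, and decryption only happens for a logged-in admin. The in-memory `Store`, the sample submission and the `authenticated` flag standing in for a real session check are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Submission is what the form collects. Every field is personal data.
type Submission struct {
	Name    string `json:"name"`
	Email   string `json:"email"`
	Message string `json:"message"`
}

// StoredRecord is all that reaches the database: an opaque ID, a timestamp,
// the GCM nonce and the ciphertext. No field of the submission is stored in clear.
type StoredRecord struct {
	ID         string
	ReceivedAt time.Time
	Nonce      []byte
	Ciphertext []byte
}

// Store is a stand-in for the website database (constructed, in-memory).
// The key lives with the application, never in the database it protects.
type Store struct {
	key     []byte
	records map[string]StoredRecord
}

func NewStore(key []byte) (*Store, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	return &Store{key: key, records: map[string]StoredRecord{}}, nil
}

func (s *Store) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Save encrypts the submission and stores only the ciphertext. The record ID
// is passed as additional authenticated data, so moving a ciphertext to a
// different record, or editing it in the database, fails authentication on Open.
func (s *Store) Save(sub Submission) (StoredRecord, error) {
	plaintext, err := json.Marshal(sub)
	if err != nil {
		return StoredRecord{}, err
	}
	gcm, err := s.aead()
	if err != nil {
		return StoredRecord{}, err
	}
	idBytes := make([]byte, 12)
	rand.Read(idBytes)
	id := base64.RawURLEncoding.EncodeToString(idBytes)
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	rand.Read(nonce)
	rec := StoredRecord{
		ID:         id,
		ReceivedAt: time.Now().UTC(),
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(id)),
	}
	s.records[id] = rec
	return rec, nil
}

// NotificationBody is the email sent to the recipient: a link to the admin
// page for this record, and nothing from the submission itself.
func NotificationBody(rec StoredRecord, adminURL string) string {
	return fmt.Sprintf("A form was submitted at %s.\nView it (login required): %s/submissions/%s\n",
		rec.ReceivedAt.Format(time.RFC3339), adminURL, rec.ID)
}

// Open decrypts a record for the admin page. The authenticated flag stands in
// for the session check a real admin page performs (assumption for the example).
func (s *Store) Open(id string, authenticated bool) (Submission, error) {
	if !authenticated {
		return Submission{}, errors.New("login required")
	}
	rec, ok := s.records[id]
	if !ok {
		return Submission{}, errors.New("no such submission")
	}
	gcm, err := s.aead()
	if err != nil {
		return Submission{}, err
	}
	plaintext, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(id))
	if err != nil {
		return Submission{}, fmt.Errorf("record tampered with or wrong key: %w", err)
	}
	var sub Submission
	if err := json.Unmarshal(plaintext, &sub); err != nil {
		return Submission{}, err
	}
	return sub, nil
}

// ContainsPersonalData is a check to run over the notification before sending:
// it reports whether any submitted field leaked into the text.
func ContainsPersonalData(text string, sub Submission) bool {
	for _, f := range []string{sub.Name, sub.Email, sub.Message} {
		if f != "" && strings.Contains(text, f) {
			return true
		}
	}
	return false
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // in production: loaded from a secret store, not generated per run
	store, _ := NewStore(key)
	sub := Submission{Name: "Jane Example", Email: "jane@example.org", Message: "Please call me about my order."} // constructed sample
	rec, _ := store.Save(sub)
	mail := NotificationBody(rec, "https://www.example.org/admin")
	fmt.Print(mail)
	fmt.Println("notification leaks personal data:", ContainsPersonalData(mail, sub))
	_, err := store.Open(rec.ID, false)
	fmt.Println("unauthenticated open:", err)
	got, _ := store.Open(rec.ID, true)
	fmt.Println("decrypted for admin:", got.Name)
}
```

The point of the ID-as-AAD choice is that encryption at rest on its own does not stop someone with database access from replacing one record's ciphertext with another's; binding the ID makes that fail on decryption. The key management (where the 32-byte key lives, how it is rotated) is the part that drives the hosting and management cost mentioned above, and is deliberately left as a loaded secret here.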
An alternative would be encrypting the email itself, end to end, between the website and the recipient(s)' mail program, typically with PGP or S/MIME. This has other IT implications, as it requires encryption to be set up at both ends of the process (a key for the website to encrypt with, and the matching private key in each recipient's mail client to decrypt with); TLS between mail servers alone does not give this guarantee, as the message sits in clear on each server it passes through. Something that could prove impractical for some organisations, but possibly less open to data breaches as no data is stored on the website.
Both options close the gap of personal data travelling by unencrypted email and can form part of a GDPR-compliant process. Which one is adopted will depend on the technical processes, administration overheads and cost.