With GDPR on the horizon, we’re working on several product updates to benefit our customers that fall under the regulation. Though these are not necessary for GDPR compliance, we are actively working on these improvements to further simplify and streamline your experience.

New Content Type

Plans: All plans

With a new highlighted fieldset as an available type of content, you can style that section separately from other fieldsets so you can make it stand out visually.

Under the GDPR, the consent section of a form must be “clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.” (Article 7(2)). With this addition we make it easier to create “consent sections” that meet the GDPR standard. It can also be used in other contexts to display, or request any information that must stand out from the rest of the form.

New Sensitive Data Types

Plans: All plans

Categorizing Sensitive Data enables further privacy-related features, like data masking, as well as helping with GDPR notification requirements when collecting data from third-parties. We are working on new sensitive data types, including:

  • PII
    • Mark as “Unspecified” (default)
    • Mark as “First Party” for data that belongs to the respondent
    • Mark as “Third Party” for data that does NOT belong to the respondent
  • Generic Sensitive Data: This can be anything considered sensitive that doesn’t fall under other categories. Example: Invoice numbers.

Customize the Text of the “Contact Information” Link

Plans: All plans

Providing identity and contact information to users is one of the requirements of the GDPR. Previously the link text for contact information was set to “Need assistance?” but we are working on the ability to customize that link text, show or hide the link, and change whether it points to your public Contact Information page or redirects to another website.

Show GDPR Rights Link

Plans: All plans

Individuals have certain rights under the GDPR, such as:

  • Right to Request Access, Rectification or Erasure of Data
  • Right to Withdraw Consent
  • Right to Lodge a Complaint to a Supervisory Authority

We are working on a feature that, if enabled would show a link next to the contact information link that would read “Your rights under the GDPR” (the link text and URL would be customizable). The link would take people to a page summarizing all the respondent’s GDPR rights.

Search Responses Across All Forms

Plans: All plans

The ability to search responses has been a much-requested feature even before the GDPR became a hot topic. We are looking at improvements that will allow FormAssembly users to search responses. This will facilitate the retrieval of personal data when processing GDPR requests from data subjects.

Enable IP Anonymization on a Form-by-Form Basis

Plans: All plans

IP addresses are part of response metadata collected by FormAssembly forms, and they are considered PII under the GDPR. For further respondent privacy, we are working on an update that will allow users to enable IP anonymization on individual forms.


In FormAssembly accounts we will add a checkbox for customers to note whether or not GDPR applies to their use of FormAssembly. This will allow us to reach out to customers to ensure they have signed the required Data Processing Addendum.

Session timeouts

Plans: Enterprise Cloud and Compliance Cloud

Enterprise Cloud and Compliance Cloud administrators will be able to set a session timeout that will automatically log out users after 30 minutes of inactivity. Compliance Cloud administrators can customize the timeout length.

Salesforce Connectors

Plans: All plans

We plan to update the Salesforce API to version 42, which will add “Individual” as a standard object. According to Salesforce: “The standard object, Individual, includes fields for storing data privacy preferences in data privacy records.”

Learn more about the GDPR in our dedicated FAQ page.

Pin It on Pinterest

Share This