S
SkunkFormsStart Free
Free GDPR Compliance Audit

GDPR Form Compliance Checker

Audit your WordPress forms for GDPR compliance. Get a detailed score and actionable recommendations to protect user privacy and avoid penalties.

Compliance Checklist

Consent Management

Explicit consent checkbox

CRITICAL20 pts

Form includes a separate, unchecked consent checkbox that users must actively click

Why this matters

Pre-checked boxes or implied consent are not valid under GDPR. Users must take a clear affirmative action.

Clear consent language

CRITICAL15 pts

Consent text is specific, easy to understand, and explains what data will be used for

Why this matters

Vague phrases like "I agree to terms" are insufficient. Users must understand what they're consenting to.

Granular consent options

10 pts

Separate consent options for different purposes (marketing, analytics, etc.)

Why this matters

Users should be able to consent to some purposes but not others, giving them control over their data.

Easy consent withdrawal

10 pts

Clear instructions on how users can withdraw consent later

Why this matters

Withdrawing consent must be as easy as giving it. Users need to know how to opt out.

Data Collection

Data minimization principle

CRITICAL15 pts

Form only collects data that is necessary for the stated purpose

Why this matters

You can only collect personal data that is adequate, relevant, and limited to what is necessary.

Clear purpose statement

CRITICAL15 pts

Form clearly states why data is being collected and how it will be used

Why this matters

Users have the right to know why you're collecting their data before they provide it.

Optional fields clearly marked

5 pts

Non-essential fields are clearly marked as optional

Why this matters

Users should understand which fields they must fill out and which are optional.

No excessive data collection

10 pts

Form doesn't collect sensitive data unless absolutely necessary

Why this matters

Special categories of data (race, religion, health) require additional protections and legitimate reasons.

Privacy Policy

Privacy policy link present

CRITICAL10 pts

Form includes a prominent link to your privacy policy

Why this matters

Users must be able to easily access information about how their data will be processed.

Comprehensive privacy policy

CRITICAL10 pts

Privacy policy covers data collection, use, storage, sharing, and user rights

Why this matters

Your privacy policy must be complete and cover all aspects of data processing.

Policy is easily accessible

5 pts

Privacy policy is written in plain language and easy to understand

Why this matters

Legal jargon makes it hard for users to understand their rights and your obligations.

Policy update mechanism

5 pts

Privacy policy includes information about how users will be notified of changes

Why this matters

Users must be informed when you change how you process their personal data.

User Rights

User rights information

CRITICAL10 pts

Form or privacy policy clearly explains user rights (access, rectification, erasure, etc.)

Why this matters

Users must know they can access, correct, delete, or port their personal data.

Contact information for rights requests

CRITICAL10 pts

Clear contact information provided for users to exercise their rights

Why this matters

Users need to know how to contact you to exercise their data protection rights.

Response timeframe stated

5 pts

Privacy policy states how quickly you'll respond to rights requests (max 1 month)

Why this matters

GDPR requires responding to rights requests within one month, with possible 2-month extension.

Right to complain information

5 pts

Users informed of their right to complain to supervisory authority

Why this matters

Users have the right to file complaints with data protection authorities if they're unhappy.

Security Measures

HTTPS encryption

CRITICAL10 pts

Form is served over HTTPS to encrypt data in transit

Why this matters

Personal data must be protected during transmission to prevent interception.

Secure data storage

CRITICAL10 pts

Form data is stored securely with appropriate access controls

Why this matters

Data must be protected against unauthorized access, accidental loss, or destruction.

Data retention policy

5 pts

Clear policy on how long data will be kept and when it will be deleted

Why this matters

You cannot keep personal data longer than necessary for the purposes you collected it.

Data breach procedures

5 pts

Procedures in place to detect, report, and investigate data breaches

Why this matters

You must notify authorities within 72 hours of discovering a breach that poses risks.

Compliance Score

0/100

Significant compliance issues

Critical Requirements
0/10 met (0%)

Top Recommendations

1

Explicit consent checkbox

CRITICAL

Form includes a separate, unchecked consent checkbox that users must actively click

2

Clear consent language

CRITICAL

Consent text is specific, easy to understand, and explains what data will be used for

3

Data minimization principle

CRITICAL

Form only collects data that is necessary for the stated purpose

About GDPR Compliance

The General Data Protection Regulation (GDPR) requires businesses to protect EU residents' personal data and privacy.

• Non-compliance fines up to €20M or 4% of annual revenue
• Applies to any form collecting EU residents' data
• Critical requirements must be met for basic compliance

Need GDPR-Compliant Forms?

SkunkForms includes built-in GDPR compliance features to help protect user privacy.

Learn More

GDPR Compliance Resources

Official GDPR Text

Read the complete regulation and understand your legal obligations.

Privacy Policy Template

Get a GDPR-compliant privacy policy template for your website.

Get Legal Advice

Consult with a privacy lawyer for complex compliance questions.