A GDPR-compliant form is one whose handling of personal data satisfies the EU General Data Protection Regulation. Because any field that captures a name or email collects personal data, compliance applies to essentially every contact form, signup, and survey aimed at people in the EU.
Compliance for a form reduces to a concrete checklist: have a lawful basis for processing (replying to an enquiry is usually legitimate interest; anything beyond it needs unbundled, unticked consent); collect only what you need (data minimisation); set a retention window so submissions auto-delete; be able to export and erase a person's data on request within a month; and store the data somewhere known, ideally with EU data residency to avoid cross-border transfer complications.
Security is part of compliance too - encryption in transit and at rest, access controls, and a Data Processing Agreement from your provider. The compliance pillar guide covers the whole picture, and the GDPR-compliant contact form use case walks through the end-to-end setup.
Related terms
Double opt-in
A signup confirmation flow where a subscriber must click a verification link in an email before being added to a list.
File upload form
A form that accepts file attachments - CVs, images, documents - which must be validated, scanned, and stored securely.
Autoresponder
An automatic confirmation email sent to the person who submitted a form, acknowledging receipt and setting expectations.