Collecting personal information with a web form

If you are creating a form for the web, it is important to remember that there are a number of legal responsibilities you have to follow when collecting personal information.

Things to consider:

  • How the data is stored - information must be held in a way that is secure and can be easily recovered to prevent data from getting lost.

  • How long you store the data for - data should only be kept as long as it is needed for fulfilling its purpose.

  • Be clear about the purpose of the data - make sure that you only use data in the way that consent was given for it.

  • The purpose of the data is acceptable - the basis for collecting data must meet General Data Protection Regulations (GDPR).

  • The data may already exist - you should check if the data you want is already being collected or could be acquired from another source, eg SITS. If the data you need is already being captured by an existing form then you should link to that form instead.

Keep yourself up to date by reading all advice on Information Security provided by CiCS.

Guidance on using forms

In the Legacy CMS 

The Legacy CMS has a form template that allows you to create a simple web contact/feedback form within the CMS. This is also possible to do within the cPanel web hosting service.

In the New CMS

When collecting information using the New CMS, you should first consider whether a form is really necessary. If you can use a contact email address to collect the information you need, use the email address instead of a form.

If this is not the case, then you should use the University’s Google Form template where possible. 

If your form is aimed at an audience based in a country with limited access to Google, then you should either create your form in the Legacy CMS or use the Google Form template with a contact email address provided as an alternative.

    Get in touch

    If you have CMS questions or are stuck then get in touch and we'll do our best to help.