Collecting personal information with a web form

If you are creating a form for the web, it is important to remember that there are a number of legal responsibilities you have to follow when collecting personal information.


Things to consider:

  • How the data is stored – information must be held in a way that is secure and can be easily recovered to prevent data from getting lost.

  • How long you store the data for – data should only be kept as long as it is needed for fulfilling its purpose.

  • Be clear about the purpose of the data – make sure that you only use data in the way that consent was given for it.

  • The purpose of the data is acceptable – the basis for collecting data must meet General Data Protection Regulations (GDPR).

  • The data may already exist – you should check if the data you want is already being collected or could be acquired from another source, eg SITS. If the data you need is already being captured by an existing form then you should link to that form instead.

Information Security guidelines

Keep yourself up to date by reading the University's advice on Information Security.

Guidance on using forms

You should first consider whether a form is really necessary. If you can use a contact email address to collect the information you need, use the email address instead of a form.

If this is not the case, then you should use the University’s Google Form template where possible. 

If your form is aimed at an audience based in a country with limited access to Google, then you should either:

  • use the Google Form template with a contact email address provided as an alternative, or
  • use the Qualtrics (University login required) software to create an online form 

Get in touch

If you have CMS questions or are stuck then get in touch and we'll do our best to help.