GDPR Comments

Purpose: To create GDPR-compliant Comment Forms

You require 3 things to make your comment forms GDPR-compliant:

  • The comment can't be submitted without explicit consent.
  • You need to be 100% transparent about how the information submitted will be used/stored (and can refer to your Privacy Policy if needed, too).
  • You need to track exactly what the comment submitter agreed to.

Here's the necessary changes to the forms to do this:


(:input pmform target=comments:)
(:input default request=1:)
(:input default author "{$Author}" :)
'''Post a comment:'''
Name: (:input text author:) \\
Comments: \\
(:input textarea text rows=10 cols=40:) 

(:input checkbox GDPRpost "You may display this information on your website and may store my email address privately." "You may display this information on your website and may store my email address privately.":)

(:input submit name=post value="$[Post]" :)
(:input hidden csum "Posted a comment via PmForm":)
(:input end:)


(:template defaults where=above :) 
(:template require author errmsg="$[Missing name]":)
(:template require text errmsg="$[Missing message]":)
(:template require text match="-*http:*,-*https:*" errmsg="Please don't post external links":)
(:template require GDPRpost errmsg="Your permission to display your comment is required.":)
-> Posted by {$$author} on {$$CurrentTime}


Note: if you capture any other information than the comment/author name, you will need to change the text to make it explicit what you are capturing and how it will be used.

Also, added the red error messages since many users miss the error messages when they submit and there's a mistake submitting the form.

 0: 00.00 00.00 config start
 1: 00.01 config end
 2: 00.20 MarkupToHTML begin
 3: 00.22 MarkupToHTML end
 4: 00.23 MarkupToHTML begin
 5: 00.24 ReadApprovedUrls SiteAdmin.ApprovedUrls begin
 6: 00.24 ReadApprovedUrls SiteAdmin.ApprovedUrls end
 7: 00.27 MarkupToHTML end
 8: 00.27 MarkupToHTML begin
 9: 00.27 MarkupToHTML end
10: 00.28 now