Mobyform DocsGDPR Controls
Data privacy controls and GDPR-oriented management features.
GDPR Controls
Mobyform provides GDPR-oriented controls that help teams manage privacy notices, access, retention, data subject requests, and audit records. These controls support your compliance work, but they do not automatically make every form or organization GDPR compliant.
Privacy Settings
Form-Level Privacy
Configure privacy options in form settings:
- Privacy Consent — Add a privacy policy confirmation field
- Data Purpose Statement — Inform users about data collection purposes
- Cookie Consent — Cookie usage confirmation
Sensitive Field Marking
Mark fields containing sensitive information:
- Personal identity information (name, ID number, etc.)
- Contact information (email, phone number, etc.)
- Financial information (bank card numbers, etc.)
- Health information
- Location information
Marked sensitive fields receive additional access controls.
Data Subject Rights
Data Access Requests
Users can request access to their personal data:
- User submits a data access request
- Admin reviews the request
- Export the user's related data
- Provide to the user
Data Deletion Requests
Users have the right to request deletion of their personal data:
- User submits a deletion request
- Admin reviews the request
- Execute data deletion
- Confirm deletion completion
Data Rectification
Users can request correction of inaccurate personal data.
Data Restriction
Users can request restriction of processing their data.
Right to Object
Users can object to specific data processing activities.
Data Retention
Retention Policies
Set data retention periods:
- Permanent — Data is never auto-deleted
- Custom Retention Period — Auto-delete after the retention period
- Delete After Processing — Delete data after processing is complete
Auto Cleanup
Configure auto-cleanup rules to delete expired data on schedule.
Data Protection Impact Assessment (DPIA)
Conduct impact assessments for high-risk data processing:
- Assess necessity of data processing
- Identify risks and impacts
- Develop mitigation measures
- Document assessment results
Data Breach Management
Breach Response
Process for handling data breaches:
- Record the breach event
- Assess the impact scope
- Notify affected users
- Report to regulatory authorities (if required)
- Implement remediation measures
Breach Records
Document all data breach events:
- Breach and discovery time
- Affected data types
- Number of affected users
- Measures taken
Lawful Basis
Set the lawful basis for data processing:
| Type | Description |
|---|---|
| Consent | User explicitly consents to processing |
| Contract | Processing to fulfill a contract |
| Legal Obligation | Legally required processing |
| Legitimate Interest | Based on legitimate business interests |
| Public Interest | Processing in the public interest |
| Vital Interest | Protecting user vital interests |
Audit Logs
Privacy-related actions are automatically logged:
- Data access records
- Data modification records
- Deletion operation records
- Permission change records
- Export operation records
Next Steps
- API — Learn about the developer API
- Collaboration — Manage data access permissions