Search Our Site

We have 3,758,575 registered online learners.
339 new learners so far today.

How to write GDPR consent questions

schedule 25th May 2018 by Fiona Sheen in Virtual College Last updated on 31st May 2018

GDPR Folder

GDPR is very much here, but not everyone is quite ready yet. One of the major points of debate is over gaining consent. The regulations now require that any organisation wishing to collect and process (i.e. use) a person’s information must have sound legal grounds to do so. In many cases, these legal grounds will simply be that the individual has requested a service, and certain elements of information are essential to this. But when this isn’t the case, such as when it comes to marketing, consent must be acquired. Naturally this means that lots of businesses are now having to alter contact forms and similar pages on their websites. Where it used to be the case that a business could simply collect information from a form and use it however they wished, this is no longer the case. In this article, we’re going to go through a few of the main points to bear in mind when you’re thinking about writing consent questions on contact forms, quote forms, or any other kind of page that collects information about an individual.

Be specific

GDPR is very clear in wanting individuals to have control over their data, which means that you need to reflect this where possible. If there are several different things that you want consent for, then split them down where practical. Bundling options together could well fall foul of regulation, so don’t do this. There does of course need to be some consideration for ease of use - using too many questions could well be off-putting and confusing, so use common sense. In general, it’s best to split things out into consent for your general terms and conditions for carrying out the requested service, and then consent for any additional types of processing that you want to carry out, such as marketing. You may also have different ways to contact the individual, such as through email, text or phone. It’s good practice to allow the individual to choose from these options. If you’re in doubt, then ask the question. This is the safest position to take.

Ensure the question has been read

You must be sure that the user has read and understood the question that you’ve asked of them, and decided whether or not to agree. The regulations are clearer than they used to be, and implied opt-in is now on very shaky grounds. You mustn’t use automatically checked boxes - you need definitive proof going forward that the user actively opted into whatever data processing you’ve requested. Make sure that all boxes are unchecked and that the user has read the question in order to have given consent.

Explain the benefits

Getting consent isn’t purely about staying on the right side of GDPR. It’s also your opportunity to sell the benefits of collecting data. Explain why you’d like consent to send marketing emails or other reasons for processing information. Will you be sending out exclusive offers or discount codes? What does the user get out of this? Will you be able to provide a better service with certain bits of information? You don’t want to go overboard, but it really does help to give users a reason to check that box. It’s also worth noting that you need to ensure that the user doesn't feel like they are obliged to give consent to get a good service.

Speak plainly

Our final point is an important one. As with a great many types of writing, the most effective approach to take is to speak as plainly as possible. This will help your customers, or potential customers, understand exactly what you’re offering and why it might be of benefit to them. In addition, GDPR guidelines do insist that questions are easy to understand and that there’s no ambiguity. Incidentally, this also goes for any terms and conditions or privacy policy that your questions might link out to. You can have a very robust set of policies without the need for overly complex legal language that your users are unlikely to understand.

GDPR training is available for those looking for more information about the regulations. Click here to be taken to the Virtual College course page on the subject.

Fiona Sheen for Virtual College

Author: Fiona Sheen

Fiona is a Learning Technology Consultant with Virtual College and has over 20 years of experience in customer service and relationship management in various industries. A graduate from Aberdeen University, Fiona enjoys baking, reading and running in her spare time.

ISO 9001:2015
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider


+44 (0)1943 605 976

Virtual College

Marsel House


West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.


We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.


You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.