DOCS Data protection and privacy note

docs/en/userguide/index.md

@@ -7,7 +7,26 @@ summary: How to use the UserForms module to create forms via the CMS.
 
 Make sure that your SilverStripe CMS installation has the [UserForms](https://addons.silverstripe.org/add-ons/silverstripe/userforms/) module installed.
 
-## UserForm features
+## Data Protection and Privacy
+
+**IMPORTANT: READ THIS BEFORE USING THE MODULE**
+
+This feature allows authors with CMS permissions to create forms which process submission data,
+and store data the CMS database by default. Anyone with the ability to create forms
+also has access to view and export submissions. As the owner and operator of your website,
+you should ensure processes and safeguards are in place to perform these actions securely.
+
+This is your responsibility, but here are a few tips to get you started:
+
+ * Ensure you have the necessary consents for processing and storing data according to your legislation (e.g. GDPR) 
+ * Only accept form submissions via encrypted transfers (HTTPS) - check our [Secure Coding](https://docs.silverstripe.org/en/4/developer_guides/security/secure_coding/) guidelines
+ * Control access to form submissions (via CMS page access controls)
+ * Create a process to limit the types of data you are allowed to collect via this feature (e.g. no payment information or health data)
+ * Create a process for limiting submission storage duration (manual deletion)
+ * Consider further safeguards such as at-rest encryption (check [encryption related addons](https://addons.silverstripe.org/add-ons?search=encrypt))    
+
+## Features
+
 * [Create and edit forms](creating-and-editing-forms.md)
 * [Add different field types to a form](field-types.md)
 * [Set up multipage forms](multipage-forms.md)