Merge pull request #923 from open-sausages/pulls/docs-warning-submission-storage

DOCS Data protection and privacy note
Maxime Rainville 2019-12-06 16:55:24 +13:00 committed by GitHub
commit d43279f44d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 9 deletions

@ -3,14 +3,6 @@
UserForms enables CMS users to create dynamic forms via a drag and drop interface
and without getting involved in any PHP code.
## Maintainer Contact
* Will Rossiter (Nickname: wrossiter, willr) `<will (at) fullscreen (dot) io>`
## Requirements
See the "require" section of [composer.json](https://github.com/silverstripe/silverstripe-userforms/blob/master/composer.json)
## Features
* Construct a form using all major form fields (text, email, dropdown, radio, checkbox..)
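
Review bot: The `@ -3,14 +3,6 @` header shows this README hunk only removes lines, and the sections sitting between the intro and `## Features` are `## Maintainer Contact` and `## Requirements`, neither of which is covered by the commit title "DOCS Data protection and privacy note". If the removal is intended, mention it in the commit message or move it to its own commit. Since the maintainer line is the only contact shown in this part of the README, consider replacing it with a pointer to where issues should be reported rather than dropping it without a substitute.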

@ -7,7 +7,26 @@ summary: How to use the UserForms module to create forms via the CMS.
Make sure that your SilverStripe CMS installation has the [UserForms](https://addons.silverstripe.org/add-ons/silverstripe/userforms/) module installed.
## UserForm features
## Data Protection and Privacy
**IMPORTANT: READ THIS BEFORE USING THE MODULE**
This feature allows authors with CMS permissions to create forms which process submission data,
and store data the CMS database by default. Anyone with the ability to create forms
also has access to view and export submissions. As the owner and operator of your website,
you should ensure processes and safeguards are in place to perform these actions securely.
This is your responsibility, but here are a few tips to get you started:
* Ensure you have the necessary consents for processing and storing data according to your legislation (e.g. GDPR)
* Only accept form submissions via encrypted transfers (HTTPS) - check our [Secure Coding](https://docs.silverstripe.org/en/4/developer_guides/security/secure_coding/) guidelines
* Control access to form submissions (via CMS page access controls)
* Create a process to limit the types of data you are allowed to collect via this feature (e.g. no payment information or health data)
* Create a process for limiting submission storage duration (manual deletion)
* Consider further safeguards such as at-rest encryption (check [encryption related addons](https://addons.silverstripe.org/add-ons?search=encrypt))
## Features
* [Create and edit forms](creating-and-editing-forms.md)
* [Add different field types to a form](field-types.md)
* [Set up multipage forms](multipage-forms.md)
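
Review bot: In the first paragraph under `## Data Protection and Privacy`, "and store data the CMS database by default" is missing a word; it should read "and store data in the CMS database by default". The same paragraph states that anyone who can create forms can also view and export submissions, but the tip "Control access to form submissions (via CMS page access controls)" does not connect the two; one sentence saying which page permission governs submission access would make the tip actionable. The retention tip ends with "(manual deletion)" without saying whether any automatic expiry exists; stating that explicitly would tell operators they have to schedule the clean-up themselves.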