EpiServer CMS forms
This guide explains how to make a Secure form* in the Episerver 10 CMS. It also covers what fields can be included and how to control where the form submissions are sent.
Due to GDPR we were advised by our Information Security Department & Chief Data Officer that we should not send personal data over email as it was unsecure. It is secure in our server and when it arrived in local partner systems; but may not be in transit. Hence we have had to change the way we share your data with you.
You will receive the alert email and then will have to login to the CMS to download it.
You can add more email alert receivers as is listed in the guidance, and we can give you more users with author access, which means they can’t publish anything but can access the data.
Data Controller and Data Processor
We are working on Terms and Conditions up at the moment, and this will be available via the CMS login page and communicated more widely when it is finalised. However:
The local Age UK is the data controller who determines the processing of personal data as they set up the form that have requested the original data.
Age UK National is the data processor which ‘processes’ personal data on behalf of the controller. Age UK don’t actually do anything with the data but we supply the CMS as a secure environment for collection and retrieval of that data. Previously this would have been the emailing of the data, however as described above we can no longer support that specific process. Age UK will endeavour to protect the system against external attacks (hence the new login page and third party embed guidance). However, if the data breach came from data taken out of the system by partners or by partners sharing login details then that would be the responsibility of the data controller i.e. the partner organisation.
*Our systems are very secure with multi-level security factors, No one can see what the user is inputting,
Other form options
You can use other form options on the website, for example you could set up a word form using office 365 and embed it, then going forward you wouldn’t have to log into the cms to get the enquiries. You will however have to confirm that they are in line with any data policy
You would embed/ share these in a new text block, using the code view function available by clicking < >
You can build forms in Microsoft forms in Office365, so that might be a good starting place to build one and test if collects data as you expect, and you can then use the share button to embed it in a text block.
Google also supports forms which can be embedded