Introduction
A quick disclaimer: this blog is not about GDPR compliance; for more on GDPR compliance, please visit https://gdpr.eu/, and for more on Umbraco and GDPR, please visit "Umbraco and GDPR". This blog describes the GDPR support in Umbraco Forms.
As discussed in The Accessibility Benefits from Upgrading Umbraco an Umbraco upgrade also means an upgrade to Umbraco Forms. Umbraco Forms allows content editors to build responsive forms within Umbraco easily and generates HTML that can be easily added to Umbraco websites.
Umbraco Forms and GDPR
When Umbraco 7.9 was released it was branded "The GDPR Upgrade", it included:
- The ability to mark Form fields as 'sensitive' to hide them from certain types of back office users.
- An option to not store values at all in Umbraco Forms default data store which will allow developers to use the Form’s workflows to store the form data in their own custom data store.
When building any form, the form author needs to consider GDPR and data retention. Since the release of Umbraco 7.9, Umbraco have improved support for GDPR within Umbraco Forms.
Umbraco Forms Workflows
Umbraco Forms includes the ability to allow authors to extend the functionality of a form, using Umbraco Forms Workflows. Umbraco Forms Workflows include:
- Posting to slack
- Sending an email
- Sending the form to a URL (for example for a Salesforce integration).
When configuring each of these the content editor needs to decide if the data also needs to remain in Umbraco as well as GDPR compliance.
For example:
- If the form is posted to a URL consider if the data needs to remain in Umbraco form.
- If the data is shared via email or posted to slack the contents should considered alongside who will have access to the data.
- If the data is stored in Umbraco consider how long it should remain there. Prior to Umbraco Forms 10, purging of data from Umbraco Forms was a manual task.
Umbraco Forms v8
Umbraco Forms in Umbraco 8 included the following GDPR improvements:
- Umbraco Forms 8.4 Fields marked as sensitive no longer sent in the email workflow.
- Umbraco Forms 8.10 saw enhanced security for file uploads, incredibly important when users are uploading personal information, prior to this release developers had to write their own extensions to Umbraco to secure data uploaded by users.
- Umbraco Forms 8.11 had improvements for security, meaning new users can not be granted access to view and manage all forms and group security can be applied to Umbraco Forms.
Umbraco 10 +
Store Records Locally
From Umbraco Forms v8 the choice to store records locally can be set on a per form level, by going to the form settings and ensuring "Yes, keep submitted records in a database so they can be viewed and exported later." is checked. The default on new forms is to set this to true.
In Umbraco Forms v10 and later the default value can be configured in appsettings.json:
"Umbraco": {
"Forms": {
"FormDesign": {
"StoreRecordsLocally": true
}
}
}
Data Retention
Introduced in Umbraco Forms v10.2 Umbraco forms was the ability to schedule the deletion of records. Even if a content editor sets scheduled deletion in the back office, the records will not be deleted unless the task is configured in appsettings.json:
"Umbraco": {
"Forms": {
"Options": {
"ScheduledRecordDeletion": {
"Enabled": false,
"FirstRunTime": "",
"Period": "1.00:00:00"}
}
}
}
The settings are as follows:
Enabled: by default this is set tofalse. Set totrueto enable the scheduled deletion of records.FirstRunTime: The value is specified as a string in crontab format. For example, a value of"* 4 * * *"will first run the operation at 4 a.m.Period: Defines how often the record deletion process will run. The default value is1.00:00:00which is equivalent to once every 24 hours.
Once enabled a content editor can decide on a per form basis if the data should be retained forever, or set a time period for data retention. To do this the content editor should goto form settings and scroll to the Data Retention section. Alternatively the defaults can be configured in appsettings.json:
"Umbraco": {
"Forms": {
"FormDesign": {
"DaysToRetainSubmittedRecordsFor": 0,
"DaysToRetainApprovedRecordsFor": 0
}
}
}
These settings are the number of days to retain data for. When set to zero the data is retained forever. From the Umbraco Docs these settings are:
DaysToRetainSubmittedRecordsFor: when the value is set to a positive number a date value calculated by taking away the number of days configured from the current date is found. Records in the 'submitted' state, that are older than this date, will be flagged for removal.DaysToRetainApprovedRecordsFor: Applies as perDaysToRetainSubmittedRecordsForbut for records in the 'approved' state.
IP Addresses
The guidance on defining IP addresses as personally identifiable information is nuanced, however if for GDPR purposes the form should not gather it then this can be prevented via the following configuration option in appsettings.json:
"Umbraco": {
"Forms": {
"Options": {
"EnableRecordingOfIpWithFormSubmission": false
}
}
}
From the Umbraco Docs:
The user's IP address is recorded by default when a form is submitted and stored in the UFRecords database table.
To remove this behaviour set this value to false.
If you record IPs and your site is behind a proxy, load balancer, or CDN, we [Umbraco] recommend using ASP.NET's forwarded headers middleware to ensure the correct value for the client IP is resolved.
Security
Umbraco 9.3 added support for the security settings being configured via appsettings.json:
"Umbraco": {
"Forms": {
"Security": {
"DefaultUserAccessToNewForms": "Grant",
"ManageSecurityWithUserGroups": false,
"GrantAccessToNewFormsForUserGroups": "admin,editor"
}
}
}
The configuration options are as follows:
DefaultUserAccessToNewForms:By default all users are granted access to newly created forms. To deny access to the new forms update this toDeny.ManageSecurityWithUserGroups: Set this option totrueto enable the user group permission management functionality.GrantAccessToNewFormsForUserGroups: This setting only takes effect whenManageSecurityWithUserGroupsis set totrue. Options are:- A comma-separated list of user group aliases which will be granted access automatically to newly created forms.
- A value of
allwill give access to the form to all user groups. - A value of
form-creatorwill give access to all the user groups that the user who created the form is part of.
Summary
Newer versions of Umbraco Forms have improved support for GDPR compliance and security. If your site is in Umbraco 7 or Umbraco 8 and you are reviewing GDPR, consider upgrading to Umbraco 13 (Long Term Support) or Umbraco 14 (Standard Term Support).
Please explore the Umbraco Upgrade Series for more benefits from an Umbraco Upgrade.