1. Home
  2. Knowledge Base
  3. Embedding a Reporting Form into your Websites

Embedding a Reporting Form into your Websites

ProvePrivacy provides three different incident reporting forms for use on your External and Internal (Intranet) Websites, these forms are:

  • Data Breach Reporting Form – Used Internally to improve the ability for colleagues to raise suspicion of a data breach (Not recommended for your external website).
  • Data Protection Complaint Form – Used to raise a data protection complaint – Versions are available for Data Subjects (External) and Colleagues (Internal)
  • Data Subjects Rights Form – Used to raise any data subjects rights request, such as a DSAR – Versions are available for Data Subjects (External) and Colleagues (Internal)

External and Internal forms are different as external forms are designed to be completed by the data subject. – Therefore you may need to generate each form twice if you require then for external reporting.

Internal forms are built specifically for inclusion as a ‘web-part’ within your SharePoint Intranet.

Create Token & Script

In order to embed an incident reporting form into your intranet site or your customer facing you must first create the website code for your website team.

Only available to a ‘Customer Administrator’ user: From the User Menu (top right) select ‘Settings’ and then select the ‘Incident forms’ tab, which will show the form below:

Add the domain names for the External website and the Intranet website in the Allowed Domains section and select ‘Save Domains’.

Select the period of time you want the token to remain active.

Select Generate Token & Code

The codes will be generated and download buttons will become available.

Click on the appropriate button to download your code (as a HTML file). – This can then be sent to your website team to add to the site.

What to do if You Suspect your Forms have been Compromised.

If you suspect that your tokens have been compromised, you may elect to re-generate new forms to limit any adverse effects.

We have included a simple procedure which invalidates all previous codes, which is achieved by selecting the ‘Revoke All Existing Embed Tokens’ button.

Once tokens have been revoked all of the current forms will stop working and you will need to re-generate new code and re-apply the new code to your websites.

Enabling the ‘Web-Part’ by a SharePoint Administrator

To establish a secure link between your SharePoint site and the ProvePrivacy platform, you must first generate your security token/website code (iframe) using the instructions above.

Once the security token has been generated you will be provided with a short script which will need to be embedded into a page on your SharePoint site.  You must not disclose this script to any unauthorized parties.

The following set up procedure must be carried out with the appropriate administration permissions for the SharePoint site.

Edit Site Permissions

A SharePoint Administrator must first allow access to the ProvePrivacy system by adding the site address to the HTML field security. 

In Site Settings, select HTML Field Security

Ensure that the Allow Contributors to insert iframes only from the following domains is selected.

Enter the domain breachreport.proveprivacy.com into the field and click Add

Click OK

Important Notes

• Without providing both Domain and Token Expiry, the token cannot be generated. Backend validation will prevent it.
• If the domain is changed after generating and submitting the token, a new token must be generated.
• Please ensure you always share the complete script with the website team. Do not send only the token. The full script is required for the form to load properly on your website.

Was this article helpful?
Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

Prefer to schedule a 15 minute call? Schedule call today >>

See our Privacy Statement for more details.