On May the 25th 2018 GDPR becomes/has become the new European law for businesses and organisations that store or process personal user data. This post is from the perspective of what you need to consider when storing and collecting data from your website users.
The object of GDPR is to bring back more control to the individual about how their personal data is used. This includes the ability to change or withdraw their personal information at any time. Now that detailed personal information is stored electronically, it’s easily transferred due to hacking, leaks or unethical practices. GDPR covers hard copy as well so be sure to consider anything held also in this form.