“The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Although it was drafted and passed by the European Union (EU), it imposes obligations on organizations everywhere, as long as they target or collect data related to individuals in the EU. The regulation came into force on May 25, 2018. The GDPR will impose stiff fines on those who violate its privacy and security rules, with penalties reaching tens of millions of euros.”
A user consent form must be available anywhere on the website when user information may be collected. Email address and IP address are also user information.
A right to data deletion form should also be provided.