On May 25, 2018, the EU General Data Protection Regulation (GDPR) will go into effect. Essentially, itÔÇÖs a law that gives EU citizens the right to know what data a particular website collects, how itÔÇÖs secured and how itÔÇÖs used.
 
While you may think that this only applies to websites in Europe, it actually can affect any website that has European visitors. This regulation has rules regarding the deletion (upon request from a user) of specific user data, how to notify users in the event of a data breach ÔÇô among others. Non-compliance could even mean fines from the EU, although it would seem that the target here would be large international corporations more than the mom-and-pop website owner.
 
Still, this regulation is a bit of a hot mess for website owners worldwide. ItÔÇÖs a rather complicated issue. Therefore, I would strongly recommend that anyone who has concerns about GDPR to consult with an attorney. TheyÔÇÖre your best source for information and ways to protect yourself. While I can provide very general information, IÔÇÖm in no way able to provide legal advice.
 
One thing that has been recommended is for site owners to ensure that they have a privacy policy on their website. There are many templates available for you to use and customize to fit your needs, including this one from Automattic (the company of Matt Mullenweg, co-founder of WordPress).
 
Again, if you are concerned about compliance, please do consult a legal professional. IÔÇÖll be glad to work with both you and them to put any recommended measures in place.
