On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force.
The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
What is GDPR?
GDPR stands for General Data Protection Regulation, read more about it on the official site. In short with GDPR compliance a user should be asked for consent before taking his or her personal data, view / edit his submitted data and on part of the site owner (controller/processor) need to make sure they protect the user data and if breached inform the affected users timely as well as concerned authorities. That's the gist of it. If you handle EU customers even if your business is not based in EU, this directive applies to you too.