The answer = yes.
EU General Data Protection Regulation
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018, at which time organizations that are not in compliance may face heavy fines.
The GDPR is all about the visitor data that is collected while people use your website and the way you deal with it.
If you collect any data from people interacting with your website, then there are 3 things you must comply with first.
If any visitor data is collected, then visitors must be able to request to view it, update it, have a portable copy of it sent to them and, if requested, have any data collected about them deleted.
The data must be stored securely (HTTPS / SSL covers the data while it is in transit to and from your site; if your site is not encrypted, it needs to be). This also has search engine ranking benefits. If there is a data breach (hacked / stolen / leaked), the customer must be informed within 72 hours.
The penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR.
What constitutes personal data?
Any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify that person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites or medical information to a computer IP address.
More info to follow as we get closer to the 25th of May when it comes into force.