In April 2016, the European Union (EU) passed a regulation on data protection and privacy within EU territories. The law enforces that all sites that collect or process information collected from citizens or peoples within the EU must comply with the EU standards of disclosing how information is collected, how it is processed, and how long the information is stored on their systems. This law extends to websites and how they operate as well.
Organisations must also the 6 bases of how information is processed:- (consent, contract, public task, vital interest, legitimate interest or legal requirements). Failure to do so may result in a fine of up to EUR 20 Million, and/or a fine equal to 4% of your total revenue.