In about three weeks from now (25th May 2018), the General Data Protection Regulation (GDPR) comes into effect.
To learn more about it, here are a few good sources to study:
- gdpr-info.eu - Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website
- privacyshield.gov - This site provides information to help EU and Swiss individuals understand how the Privacy Shield protects their personal data when it is transferred to a participating U.S. organization and how to address concerns regarding the handling of their data
- eugdpr.org - A resource to educate the public about the main elements of the General Data Protection Regulation (GDPR)
- imanagesystems.com - Your Visual Guide to the GDPR | IMS
- Finnish law: finlex.fi - Government proposal to Parliament for legislation supplementing the EU General Data Protection Regulation
In addition to those above, I am sure you have received several emails from different services informing you that they are updating their security regulations with regard to the GDPR.
The bottom line is that if you collect user information, there needs to be a document describing where that user information is stored, how and where it is used, and for how long it is going to be stored. Users should be made aware of where they can request all their data and how to get all their data removed.