On May 25th 2018, the General Data Protection Regulation (GDPR), which focuses on the data protection and privacy of European Union citizens, came into force. The aim of this regulation is to give EU citizens control over their personal data that is collected and used by websites and apps.
All websites and apps that deal with EU citizens or a worldwide audience are required to adhere to this regulation or face a penalty of either $2 million or 2% of their annual turnover worldwide (whichever is more).
Here are the highlights of GDPR:
Explicitly taking permission from users before soliciting data: As per GDPR guidelines, before any personal data is sought from an individual, explicit permission should be obtained, along with a clear description of where this data will be used and why. An example would be a tick box under a web form seeking the user's permission to store their data, along with a mention of what that data is going to be used for.