In May 2018 the new regulations governing General Data Protection Regulation for all EU countries come in to effect. Personal data must be collected for specified explicit and legitimate purposes. Customers and contacts must be aware of the particular uses for this data. Customers have to “opt-in” rather than the widely used “opt-out” system. Proof of consent needs to be recorded. Consumers have a “Right to seek” data that is held about them Credit card details must be compliant with the Payment Card Industry Data Security Standard (PCI DSS).