ever one no the EU law there are something we have to look out for and need to add on admin side so the can work with eu law i hop some the information blow can help to understand thanks....
https://europa.eu/youreurope/citizens/c ... dex_en.htm
1:Agreeing to data processing – consent
When a company or organisation asks for your consent, you have to make a clear action agreeing to this, for example by signing a consent form or selecting yes from a clear yes/no option on a webpage.
It is not enough to simply opt out, for example by checking a box saying you don't want to receive marketing emails. You have to opt in and agree to your personal data being stored and/or re-used for this purpose.
2:Withdrawing consent to use personal data and the right to object
If you previously gave your consent for a company or organisation to use your personal data, you can contact the data controller (the person or body handling your personal data) and withdraw your permission at any time. Once you've withdrawn your permission, the company or organisation can no longer use your personal data.
3:Access to your personal data
You can request access to the personal data a company or organisation has about you, and you have the right to get a copy of your data, free of charge, in an accessible format. They should reply to you within 1 month and have to give you a copy of your personal data and any relevant information about how the data has been used, or is being used
4:Transferring your personal data (right to data portability)
In certain situations, you can ask a company or organisation to return your data to you or to transfer it directly to another company, if this is technically possible. This is known as "data portability". For example, you can use this right if you decide to switch from one service to another similar service – for example moving from one social media site to a new one – and you'd like your personal information to be quickly and easily transferred to the new service.