This comes into force in Europe in May

Main points you have to comply with

*All data stored must be secure, in electronic or paper formats, and password protected.
*All unnecessary data must be deleted.
*All clients must have the right to be removed and forgotten.
*All clients must have opted in to be contacted by you for marketing.
*You have to keep records of the client's contact preferences, e.g. phone, text or email.
*You have to keep privacy statements informing clients how you keep their data, and if you pass it on to 3rd parties you need to add this to your privacy statements.

Access to Your Personal Information
You are entitled to access the personal information that we hold. Email your request to our data protection officer (your name here).

Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on the (date here).

So what will this mean to Sunshop?

Most communications will come under "Legitimate interest".

So if you call or email your client and tell them your item is out of stock, that is regarded as a Legitimate interest in your service. However, if you tell them we have XYZ as an alternative, that is marketing and will not be legal unless you have their consent.

If you do a bulk email campaign telling old clients that you have a sale on, that will not be legal unless you have their consent.

Changes to Sunshop
When users register we need
an opt-in/opt-out of marketing

Also, their desired preference for communications:
email, phone or snail mail

you can read more here