Since 25th May 2018 all websites in Europe are required to be GDPR compliant. What this means in practice is that you ned a clear privacy Policy stored on your website explaining how you store and use peoples data. Also a cookie warning is needed. I have had my Privacy policy checked by a GDPR compliance officer and offer out a services to all my clients to install a policy and cookie pop up warning.

https://www.lucymaddison.com/privacy-policy/