Today I will talk about the GDPR and what it means for SharePoint, among others.
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) from 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.
Source : Wikipedia
In summary, if you have a database containing information about a European person, you need to have a series of processes in place to explain why you have this data, what processes use that data, what is the duration of retention of this data, etc, etc ..
Microsoft helped to set up this regulation, they also made available a site explaining the different points. I urge you to learn more about this subject and especially, do not wait until the last minute!
Hoping this helps,