The short answer is: not much, if your customers do NOT reside in the EU. If they do, you need to make your website compliant with the European Union's new General Data Protection Regulation (GDPR). The regulation was implemented on the 25th of May 2018 and requires any website owner to specifically take steps that allow visitors/customers to view and/or delete the data your website has collected about them. Failing to implement these regulations could result in hefty fines.
The regulation covers all personally identifiable information (PII), such as:
- Name and other names used;
- Email and physical addresses;
- Social Security number, full and truncated;
- Driver’s license and other government identification numbers;
- Citizenship, legal status, gender, race/ethnicity;
- Birth date, place of birth;
- Home and personal cell telephone numbers.
If you have not done so already, you also need to implement measures to secure the personal data of your visitors/clients, starting with SSL encryption of the traffic between your website and its visitors/customers, and protecting and hardening your website against potential attacks.