Security Measures in Place to Protect Data
The industry-standard safety measure for protecting private information is the use of a Secure Socket Layers (SSL) system. With SSLs, information fed into a website by users is automatically encrypted and coded, which prevents a breach during transmission.
You're free to integrate as many security measures as you want as long as malicious parties or unrestricted personnel can't intercept or have access to user information.
Here's how Bath and Body Works explained its security measures in place. It doesn't go too technical on what they do, but its description manages to assure customers that their details are safe:
Rights of the Users
Under the EU's GDPR laws, you should also inform your users of the rights they have with their data. Under these rights, users should be able to request, update, transfer, view or erase their data (where applicable) upon request.
The GDPR outlines explicitly that the user has a right to:
How Long You Will Retain Collected Information
As a business owner, you should also let your users know how long you intend to keep their information in your database.