Final answer:
The company should consult the GDPR, the relevant ISO/IEC standards, and the PCI DSS to ensure compliance with European data privacy law and to establish best practices for handling personal information.
Step-by-step explanation:
The company should consult the GDPR (EU General Data Protection Regulation) to ensure that it is complying with European data privacy law. The GDPR gives comprehensive protection to individuals' personal data and applies to private businesses and public authorities alike, as both controllers and processors. It sets out the specific lawful bases under which personal data may be collected or processed, along with the rights of data subjects and the obligations (such as breach notification) that follow.
The company may also consider consulting the ISO (International Organization for Standardization), which publishes a series of standards for information security management systems, notably ISO/IEC 27001 for an information security management system (ISMS) and its privacy extension ISO/IEC 27701. These standards can help the company establish documented, auditable best practices for handling personal information.
Another relevant resource for the company to consult is the PCI DSS (Payment Card Industry Data Security Standard), which applies if the company processes, stores, or transmits payment card data. The PCI DSS sets security requirements for such businesses in order to protect against cardholder data breaches; unlike the GDPR, it is a contractual industry standard enforced by the card brands rather than a law.