Do I need any sort of gdpr/cookie/localstorage notification if I only save data when the user creates an account?

Question

I've made a website which is going into production soon. The website doesn't store any information about the user unless they create an account, in which case I save username, email and a password to a database, and a token in local-storage.

Do I need any sort of notification when the user navigates to the site?

Answer 1

The short answer is "Yes".

You'll have to check the full legal requirements, but basically if you are going to sell the users email on to marketing companies, that is 'a bad thing' and you should get their consent.

If you are not intending to do that kind of thing, then think about what assurance you can give the user that this will remain the case after elon musk offers you £££ for your website.

ie. you need to tell them why you want their email, say what you will use it for and promise to keep it safe from hackers.

Really you are better off not collecting it at all.