There are a lot of things you need to consider to keep your website legal. I am no lawyer, so please don’t take this as legal advice; these are merely a few areas to consider to make sure you are within the law.
PCI Compliance for websites that process online payments
The PCI Standard was created to increase the controls around cardholder data in order to reduce credit card fraud. Some businesses have to have their compliance validated on a regular basis (such as annually or quarterly) by an external assessor.

Useful links
- WooCommerce and PCI
- What is PCI DSS
- How do I become PCI compliant? (FSB website)