I'm currently working on some user database with lots of confidential information (addresses, phone numbers etc).
What would be the best method to store it in a database? Just plain text? Encrypted with some kind of hash so a hacker can't decrypt it easily?
How is this regulated in the law? (Webserver in Germany, .com domain at Netfirms, I'm currently in the Netherlands)
What about password security? I know there are some md5 bruteforcers around there (cracked some hashes for me in the past in only seconds...)
Are there any free SSL certificates which are "trusted" so users don't get popups? Else where to buy cheap ones for .com domains?
I'm sorry to polarize my questions so much but all the questions are more or less on the same subject.
You need to get legal advice to assemble the list of legal requirements that apply for the data you are processing. This is not a technical question at all.
Then you need to get in compliance, and finally get that compliance reviewed by whatever system is applicable for your legal requirements. Again, this is not a technical question at all.
The technical implementation addressing the legal issues is a minor detail that, with the problem statement given by you, cannot even be roughly sketched in any meaningful way.