GDPR Compliance (Legally required by 2018)
GDPR is due to come into force regardless of Brexit in 2018, the basics of it are -
Subject access (Dealt with as a company)
To have inaccuracies corrected (Dealt with as a company)
To prevent direct marketing (Already featured in WHMCS as per newsletter opt out)
To prevent automated decision making and profiling / data portability (Not an issue with WHMCS / hosting companys)
To have information erased (This presents a problem)
This would be worth looking at as should someone come and ask us to remove their profile on their system it would also remove the invoices, ther needs to be a way to retain the income against the type of product and stats. We sync with Xero and if you remove it one it removes it from the other.