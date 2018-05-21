Home » World

Lisa Meyer’s hair salon is a cozy place where her mother serves homemade macaroons, children climb on chairs and customers chat above the whir of hairdryers.

Most of the time Meyer is focused on hairstyles, color trends and keeping up with appointments. But now she’s worried about how the European Union’s new data protection law will affect her as she contacts customers to seek permission to store their details.

Even though she supports the law, Meyer fears it may cut her mailing list by 90 percent as people choose to withhold their data or simply overlook her emails.

“It will be difficult to market upcoming events,” she said at her shop, Lisa Hauck Hair & Beauty in London.

Businesses from pizza parlors to airlines across the EU’s 28 countries are bombarding customers with emails seeking consent to use personal data as they rush to comply with the bloc’s General Data Protection Regulation, which takes effect May 25.

While much of the attention has focused on how technology giants like Facebook and Google will comply with the rules, consumers are learning firsthand that they apply to any firm, large or small, that stores personal data.

The new rules, called GDPR for short, are designed to make it easier for EU residents to give and withdraw permission for companies to use personal information, requiring consent forms that are written in simple language and no more than one-page long.

Companies that already hold such data have to reach out to customers and ask permission to retain it. Authorities can fine companies up to 4 percent of annual revenue or 20 million euros (US$23.6 million), whichever is higher, for breaching the rules.

As a result, email boxes all over the continent are being swamped with messages from opticians, hotels, greeting card companies and even charities that fear stiff penalties for non-compliance.

In an effort to rise above the clutter, some companies are trying to spice up their approach as they try to ensure continued access to information vital to their businesses.

The St. Pancras Hotels Group promises that “only nominated people have access to your details, and they are kept really safe, guarded by our very own British Bulldogs. And a rude punk rocker.”

Small business burden

Regulators say the law applies to anyone who collects, uses or stores personal data. That can be a burden for small businesses that are forced to hire outside lawyers or consultants.

The EU’s one-size-fits-all approach is one of the flaws in the law, according to Max Schrems, an Austrian privacy advocate who has formed a non-profit to take action against big companies that deliberately violate the new rules.

“GDPR is a prime example of corporate law gone wrong, because it’s helpful for big companies,” he said. “They have to do all of this anyway and they can use the uncertainty in the law to kind of get around things. But it leaves small companies that don't ... have a law department, or something like that, in a situation with a lot of uncertainty.”

The new rules apply to Meyer because she keeps data. Like many hair colorists, she keeps notes of any allergies. That's considered personal medical information.

“I find it actually quite scary how data is being used so carelessly,” Meyer said. "It's a good wake-up call.”