Builders, cleaners and gardeners could face huge fines just for sending an EMAIL to drum up business thanks to draconian EU laws on data protection
The new regulation allows fines of up to £18million for breaches of data security
BUILDERS, cleaners and gardeners could face crippling fines if they try to drum up business via email thanks to new EU laws on data protection, The Sun can reveal.
Under sweeping new powers to be introduced to the Commons this September, the Government would be able to issue bosses with fines of up to £18million if their firms use people's data - such as address or phone number - without permission.
Users would have to give their explicit consent to each possible use of their personal information by ticking a box online or filling out a form.
The law is aimed at curbing US tech giants, but it also imposes tough restrictions on sole traders, small businesses and charity fundraisers.
Entrepreneurs have been warned that the rules - called the General Data Protection Regulation (GDPR) - could have a crippling effect on start-ups.
The EU law takes effect next year - and will soon be enshrined in the British statute book so it will stay in force even after Brexit.
GDPR raises the maximum possible fine for misusing data or succumbing to a cyber-attack to €20million, or 4 per cent of turnover - whichever is larger.
The law also introduces a new "right to be forgotten" so individuals can demand their information is deleted, and forces businesses to report all data breaches within 72 hours.
Privacy campaigners have hailed the regulation as a new step forward for online rights - but small firms are furious about the burden of complying with the law.
The head of the Federation of Small Businesses said firms would have "sleepless nights" over GDPR.
Mike Cherry also called for the Government to step in with support for companies which are going to struggle to keep reams of data secure.
He told The Sun: "Many small businesses are already straining under the burden of the current data protection regime and some will be having sleepless nights thinking about how GDPR will add to this.
"Members have reported that the current regime is hitting their profits, hindering their ability to grow their workforce and resulting in lost orders and customers."
Entrepreneur Tom Davenport, founder of a tech firm, complained that he would face a large bill to comply with the EU regulations.
He said: "Our customers trust us with their data on the assumption that we won’t leak or lose it, which we don't. It's fundamentally pretty straightforward.
"It's frustrating therefore to now be hit with such a massive and complex piece of legislation in this area. I hear there may be benefits, but all we have seen so far are costs in both time and money."
'These unnecessary rules are costing us'
Tom Davenport is the co-founder of , a technology company based in London which helps graduates find jobs and now employs 10 people.
He told The Sun that GDPR would bring new costs to his business - even though it is already compliant with existing laws on data protection.
Mr Davenport said: "We hold millions of datapoints on our users and we already take protecting this very seriously. Our customers trust us with their data on the assumption that we won’t leak or lose it, which we don’t.
"It's fundamentally pretty straightforward. It's frustrating therefore to now be hit with such a massive and complex piece of legislation in this area.
"Some businesses may not be protecting data properly and so it’s right to change that. But at TalentPool we’ve been caught in the crossfire and we’re now going to have to make big changes and incur considerable costs to abide by rules which I just don’t think were intended for companies like us.
"We already abide by the very strict UK laws on this subject and we just don't need another set of rules. I hear there may be benefits, but all we have seen so far are costs in both time and money."
He added that there is a possibility the regulation could help some small firms which are "more agile" than multinationals, saying: "We’re all under pressure and the fact that we’re smaller may mean that we can adjust slightly better."
But he concluded: "Personally, I’d rather we weren’t under this new pressure at all."
A survey earlier this year found that 15 per cent of British companies are worried they could be forced to fold if hit with fines under GDPR - and firms will invest an average of £1.2million each to comply with the law.
The law applies even to sole traders - including handymen, gardeners, cleaners and minicab drivers - and also to charity fundraisers.
The Information Commissioner's Office said that the rules would not stop people using data for personal reasons, but would prevent individuals contacting friends and acquaintances to promote their business.
A spokesman told The Sun: "If a sole trader is promoting their services then this would be a business activity rather than a purely personal one and therefore the GDPR would apply to their processing of personal data for this purpose, just as the Data Protection Act does now."
Experts warned businesses that they must face up to their duties under GDPR - Steve Williams of accountancy firm Moore Stephens said "someone has to be responsible" for keeping data safe in future.
Tamzin Evershed, from consultancy firm Veritas Technologies, said most of the rules are similar to the existing Data Protection Act, adding: "If you had been compliant - like most companies aren't - you would not have a problem."
GDPR will form part of the Data Protection Bill announced in last month's Queen's Speech, full details of which will be published in September.
It is apparently aimed at curbing the power of American tech giants such as Amazon, Google and Facebook, because it will prevent them cashing in on users' data without explicit consent.
Anti-snooping campaigners Big Brother Watch are supporting the law - boss Renate Samson said: "We are all digital citizens now, and it's important we look after our data in the same way we look after our physical wellbeing.
MOST READ IN POLITICS
"Businesses should welcome GDPR - by adopting GDPR they will earn their customers' trust."
Data privacy expert Julian Saunders, who runs a company helping companies adjust to GDPR, told The Sun the regulation gives individuals "exciting new rights".
A spokesman for the Department for Digital, Culture, Media & Sport said today: "Government has worked hard to make sure that the new rules do not place unnecessary burdens on businesses. But it's only right that they take the necessary steps to protect their customer's data."
'I was indignant - but it might give me an edge'
Simon Lunness runs Holray Booking System, a Norfolk-based firm which provides a booking platform for holiday providers.
He told The Sun firms like his - with just three employees - had not been warned over the incoming law, and said he was "indignant" about the rules when a client told him about them.
Mr Lunness said: "You think, 'Well I've got a lot of things to do.' It is burdensome.
"If you're storing your data with Amazon and your data is in the cloud in the US - is that allowed?"
But he also said the new regime presented a chance for companies to think again about how they collect and store data from customers and suppliers.
He added: "There's an opportunity for small businesses to be ahead of the curve on this."