Following on from our previous GDPR article – and flagged in recent trade publications (e.g. ‘Trade told prepare for data protection rules’ Motor Trader June/July 2017) – dealers are advised to complete their preparation for the impending data protection rule changes to ensure dealers are compliant.
Biggest challenges posed by GDPR by motor dealers
Market commentators have stressed that dealers should:
- only hold personal customer data where permitted under recognised legal ground; and
- be able to (and do) properly protect such data.
To enable dealers to comply with the above points, key areas to be considered include;
- System providers: checking that each of the dealer’s providers confirm that such provider is ‘GDPR compliant’.
- GDPR policies and procedures: reviewing existing data policies and procedures to check all key areas are properly covered, plus having internal controls in place to continue to review both the policies and procedures, as well as their implementation, periodically.
- Practical Implementation of GDPR policies and procedures: consider how these are actually implemented including:
- are there any employees (particularly those directly involved with personal customer data) who would benefit from training/’upskilling’, e.g. educating them on what they can and cannot do when handling sensitive customer data. Industry specialists have highlighted that it could be something as simple as locking a computer when it is not in use
- should the training be diarised for regular ‘refreshers’/updates; and
- are all employees provided with a copy of the GDPR Policies and Procedures and have they signed to acknowledge they have read, understood and will comply with such policies.