The General Data Protection Regulation (GDPR) places a whole new set of requirements on car retailers’ IT systems and policies. Failure to adhere to the new rules risks a fine, the amount dependent on the severity of the breach, but potentially up to 4% of global turnover or €20 million (whichever is greater). With the GDPR due to come into force on 25th May 2018, retailers must ask questions of their IT departments and partners to ensure they are compliant.
Where could car retailers slip up under GDPR?
Car retailers can range from a single, independent business to a large group with dozens of sites across the UK. Their data protection requirements may vary but there are shared areas where they could find they are breaching the GDPR, such as:
- Employees having access to information unnecessary to their role
- Lack of controls to prevent unauthorised data downloads
- Data sharing policies and checks with third-party suppliers
- Use of third-party websites and software for transferring data – e.g. Dropbox and Gmail.
While not an exhaustive list, these are some examples of what car retailers need to consider when preparing for the GDPR. They must ensure their policies, systems and protections are robust enough to satisfy the Information Commissioner’s Office (ICO) if a complaint is made or a potential breach is found.
For further insight into how the automotive industry is preparing for the GDPR, read our interview with Car Care Plan’s Head of Risk and Compliance Gavin Tinch.
Where can car retailers learn more about preparing for the GDPR?
The ICO has an extensive guide on the GDPR, with checklists to ensure your business is compliant, steps to take in preparation, information on the new law’s requirements and much more. The website is regularly updated and includes links to relevant sections of the GDPR, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party.