On 25th May the General Data Protection Regulation (GDPR) came into effect and changed entirely how businesses within the EU are expected to capture, store and process personal data.
Car dealerships have long relied on the legitimate collection of personal data to pursue sales leads, manage the sales process and provide personalised servicing, but the GDPR’s changes are far reaching and, for most dealerships, require a thorough re-think about how personal data flows through their organisation.
Rather than an inconvenience, however, this should be viewed as an opportunity to both comply with data protection laws and prove to customers that you have their best interests at heart.
What are the main GDPR challenges for dealerships?
As with any legislative change of this kind, there has been a fair amount of misinformation and scaremongering about the GDPR, so obtaining the most accurate and relevant advice for your business can prove tricky if you simply head to Google.
The GDPR’s rules are relatively straightforward and it’s hard to argue with their goal of providing greater control for the owners of personal data. Unfortunately, with systems and processes that have been deeply embedded over the course of many years, car dealerships are now faced with a significant amount of work to become compliant.
There are many facets to the GDPR – far too many to include in this blog post, which is why it is highly advisable to employ the services of an expert if you haven’t already. They’ll guide you through the rules and identify exactly what you’ll need to do in order to become and remain GDPR compliant.
The importance of consent
A key task you’ll need to perform relates to the consent people will give or already have given for you to store their data.
It’s likely that you collect customer data such as names, email addresses and key dates via your dealership website and web apps. The forms used for this and the method by which they’re stored will need to be reviewed for GDPR compliance. Consent should never be assumed, and it should always be made clear why you’re asking for data and what you’ll be doing with it.
If you’ve already stored customer data, that too will need reviewing for consent. Providing the people on that list have willingly provided their details, you can contact them to ask if they still consent to your marketing practices (and give them the option to opt out, if not).
This task is one best performed as soon as possible, because it should leave you with a nice clean database that only contains people who have provided explicit, recorded consent to have their data stored.
The GDPR doesn’t have a huge impact on employee data at your dealership. Data protection for employees in this context has been low-risk historically, and this is likely to continue.
Despite this, it’s vital that the ways in which you capture, store and process employee data are still fair, lawful and transparent.
Under the GDPR, you simply need to ensure that you have updated any grounds for processing employee data, because blanket consent currently covered by your employment contract may not suffice.
Wrapping up: the 12 steps towards GDPR compliance
As previously noted, engaging with a GDPR expert is an important investment for car dealerships. To ensure you fully comply with the GDPR, you’ll need them to undertake an information audit that covers both digital and paper records.
There’s lots more you can do internally, and AM-online’s 12 steps to GDPR compliance should be read and enacted at every dealership, no matter how big or small the operation.
The GDPR is the biggest change to data law in decades, but if you adhere to the rules and prepare, you’ll avoid the risk of the heavy fines and bad PR that may come with non-compliance.