Companies are falling foul of current data protection law in their attempts to stay ahead of the forthcoming General Data Protection Regulation (GDPR), warned Jenai Nissim, legal director, data protection and privacy at UK law firm TLT.
As part of the data insight theatre at Automotive Management Live (being held on November 9 at Birmingham NEC), Nissim will highlight areas that car dealers should tackle before the new legislation comes into force on May 25, 2018.
She said: “The GDPR is one of the biggest changes in data legislation in decades, with all organisations being required to review the use of personal data for electronic marketing, how they interact with people and what privacy information they provide.
“Organisations are also required to review how they share personal data with other third parties and how they can monitor and demonstrate compliance with the GDPR. For many organisations, complying with the GDPR will be easier as they already comply with current data protection legislation. But, sadly, not all organisations are in that position and they face a challenging time ahead.”
The GDPR introduces stricter requirements surrounding the processing of personal data, together with more powers for the regulator, the Information Commissioner’s Office (ICO) in the UK. The ICO will be able to impose fines of more than £18 million (€20m) or 4% of global turnover for a breach of the GDPR.
Nissim said fining organisations will be the ICO’s last resort, but she warned that organisations doing nothing to improve their information practices to comply with the GDPR could find themselves on the ICO’s radar.
She also urged businesses to be cautious with how they approach compliance: “Recent ICO enforcement action has highlighted where organisations are taking steps to comply with the GDPR, but are inadvertently breaching current data protection legislation, resulting in large fines.
“Organisations are so intent on doing the right thing to ensure they are compliant under the GDPR, that they sometimes take a riskier approach to compliance than they should.”
She said businesses such as car dealers need to be careful how they approach their plan to be GDPR-compliant.
“The GDPR is more than just making sure that they have consent to send marketing. It is about reviewing all of their data-processing activities, not just one area,” she added.
As a starting point, Nissim recommends that all dealers should think about the data they are processing, why they are processing it and with whom it is being shared. They should also consider what internal processes and procedures they have that relate to data protection, and identify any key gaps. This will help to inform dealers of the steps they should take next.
Marketing publication The Drum reported an ICO case in June in which Morrisons was fined £10,500 for breaking privacy and electronic communication regulations, after it emailed more than 130,000 people who had opted out of receiving marketing information.
Nissim will be joined in the data insight theatre by PKF Cooper Parry’s director of IT consultancy, Dan Moore, who will also highlight key GDPR compliance issues as well as looking at how car dealers can improve their cybersecurity against criminal attack.
Automotive Management Live will also feature insight theatres on F&I and used cars.
For more information, contact: Nicola Baxter Tel: +44 (0)1733 468289