NFDA warns industry of 'harsh fines' for non-compliance with future data protection rules

The National Francised Dealers' Association (NFDA) has warned dealers of the need to understand the upcoming General Data Protection Regulation (GDPR) in May, in order to avoid "harsh fines".

Failure to comply with GDPR can result in fines of up to €20 million or 4% of annual turnover for the most serious contraventions. Following the first workshop run by NFDA solicitors TLT on April 11, a second one will take place on July 6 .

A further workshop will follow in the summer.

NFDA’s director Sue Robinson (pictured) said: “With the approaching deadline of May 25 for all organisations to comply with the new GDPR, it is imperative that organisations have a compliance strategy in place, as failure to comply will result in extremely harsh fines”

Some of the steps that organisations must take include:

Carrying out a data mapping exercise to understand how their personal data are being collected and used
Reviewing contracts which include data processes and data sharing with third parties
Reviewing cases where personal data is processed based on the "consent" of the individual
Ensuring current privacy notices have mandatory information required under GDPR
Appointing a Data Protection Officer (DPO) where necessary
Ensuring that language used in privacy notices is clear, concise and easy to understand and that contractual provisions clearly set out the rights and obligations of both parties.

“To assist NFDA members in meeting the challenge of compliance we are running a further workshop to outline the necessary steps required," said Robinson. A date has yet to be announced.

"We have also drawn up a questionnaire and a letter which dealers can send to suppliers, manufacturers, dealership management system providers (DMS), insurers and finance houses to understand how they are using their data.

“We have contacted manufacturers to request what steps they are taking to ensure that there is a co-ordinated industry approach. Preparing for compliance will take significant time and resources and putting in place a GDPR implementation programme is a critical priority to ensure that businesses can continue to use and share data in compliance with applicable laws.

“We urge dealers to take the whole GDPR issue very seriously and contact us to attend the workshop or if they need any further guidance on the issue.”