Law firm TLT has spelled out its top five GDPR compliance tips ahead of its masterclass on the new data protection legislation at Automotive Management Live.
Dealers should focus on a number of areas in order to comply with the new General Data Protection Regulation (GDPR), which comes into force on 25th May 2018, according to the legal experts who will take to the stage during the event at Birmingham's NEC on November 9th.
The list of top tips, created by TLT's legal director, data protection and privacy, Jenai Nissim, identifies five key areas for dealers to focus on ahead of next year's GDPR deadline.
The five areas Nissim identifies are as follows:
1. Processing personal data: Dealers should assess what personal data they are collecting and using to make sure they are compliant with the GDPR. They should also consider how the personal data is stored to make sure that it is adequately protected. Consideration should be given to employee and customer or prospective customer data.
2. Sharing personal data: Dealers should review all data sharing arrangements with third parties including finance companies and manufacturers to make sure these are compliant.
Nissim said: “Dealers share information regularly such as with the finance company, manufacturer and IT providers and in our experience, many don’t have contracts in place with adequate data protection clauses.
“Under current data protection legislation these contracts should already exist, however under the GDPR fines may be issued if these are not in place and if they do not contain the mandatory data processing clauses.”
3. New data subjects’ rights: Dealers should review their procedures for dealing with individuals’ rights under the GDPR and make sure these are updated. If they do not have any procedures in place then these should be created to make sure that they can comply with these new requirements.
4. Using personal data for marketing purposes: Dealers should consider what personal data they are using for marketing purposes, particularly electronic marketing, to ensure they comply with the new consent (where applicable) and privacy notice requirements under the GDPR. Consideration should be given to obtaining the correct opt-ins – whereby consent is given freely rather than requiring individuals to opt out of receiving marketing information. This is a big area of focus under the GDPR and the draft Electronic Privacy Regulation which is expected to be finalised in late 2017/early 2018.
5. Identifying and managing data breaches: Dealers should raise awareness of data protection compliance within their organisation and must train all members of staff on how to identify and what to do in relation to a personal data breach.
Nissim said: “All employees need to understand what constitutes a personal data breach and what to do if this happens, including telling managers straight away so that the issue can be escalated and decisions made about whether it needs to be reported to the regulator.”
The one-day Automotive Management Live expo enables dealers to compare products and services from the sector’s suppliers in the main exhibition hall, attend a range of masterclass sessions where some of the ways to best approach essential operational activities will be explored, and listen to expert analysis from insight theatre speakers focusing on used cars and F&I as well as the GDPR.