AM Online

Guest opinion: a quick guide to staying the right side of the GDPR law

Simon Verona

GDPR (the EU’s General Data Protection Regulation) comes into force in May 2018, giving huge new powers to the consumer in terms of who can use their personal data and for what.

GDPR places pressure on dealerships to gain their customers’ explicit permission to store and use their data and to use it in only the way the customer has agreed and no other.

Failure to comply with this new law can mean draconian fines of either 4% of turnover or of up to €20 million.

What is GDPR?

The EU’s General Data Protection Regulation comes into force in May 2018 and delivers to the customer total control over who can use their personal data and for what.

It greatly limits what businesses can use customer data for.

GDPR is totally consumer-focussed and will change the way businesses use data forever.


This is a customer ‘opt-in’ process where explicit permission must be seen to be given, including activities allowed for each customer’s data.

The permission must be specific, unambiguous and transparent.

Any business must be able to prove it has the explicit permission of each customer to store and use their data.  That permission must be kept up-to-date and only applies to the specific activities the customer allows.

GDPR does away with the usual ‘tick box’ opt-out that previously enabled businesses to use customer data.

The default for a customer is that no marketing communications are allowed, unless specific permission is given.

Keeping up-to-date

Businesses must regularly review their customers’ marketing preferences under GDPR. Up-to-date permissions must be available for inspection. The data itself also has to be up-to-date.

Data ages and it must be regularly cleansed. It must also only be kept and used if a demonstrable business use can be shown.

The ability to opt-out of marketing

GDPR introduces new standards for the customer opt-out.

Customers must be able to opt-out easily and at any time.

The right to be forgotten

The customer’s right to be forgotten enables the consumer to demand that the business holding their data deletes it.

Access to data

Customers have a right to see all the data you hold on them and to review it.

They also have the right to then take it from you and pass it on to whoever they wish.

The cost of getting GDPR wrong

GDPR is far more draconian than the Data Protection Act.  Whereas the DPA had maximum fines of £5,000, failure to comply with this new law can mean fines of 4% of turnover or of up to €20 million.

Are you GDPR-ready?

Most leading DMS suppliers should be providing a GDPR-ready system for their customers.  These upgrades should be free of charge as they are 100% essential for you to run your business. 

Author: Simon Verona, managing director of DMS Navigator
