Nearly two years on from the introduction of the General Data Protection Regulation (GDPR), there’s still confusion for car dealers over how they keep in contact with customers and maintain customer databases.

This confusion has meant that in some of the most extreme cases dealers had wiped out 85% of their customer databases by pursuing current customers to see if they wanted to opt out of communications.

The intention was positive, but according to Fraser Brown, managing director at dealer consultancy company Motorvise, many dealers did not realise they could still continue to contact existing customers based on “legitimate interest”.

The Information Commissioner’s Office’s (ICO) own guidelines state that, although organisations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’.

This means dealers can send marketing texts or emails if they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person; they are only marketing their own similar products or services; and they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.

Brown said: “Many consultants and legal firms were professing the need to gain opt-in consent to allow dealers to contact customers and there was a belief the way we could do business would change beyond recognition.

“After a couple of months after the deadline for GDPR in May 2018 most dealer groups had already committed to pursuing existing customers for consent to continue communication rather than the commercially sensible option of legitimate interest.”

Brown said that when writing to an existing customer to ask them to consent to marketing, it is likely that at best 15% will actively opt in.

Dealer management systems (DMS) did eventually catch up with the legislation, but Brown said many went into overkill mode with more than 12 different options for the customer to choose from.

Brown said: “We have spent much of the last two years going into dealer groups and sorting out the mess left by poor advice and opt-in consent guidance, changing their data policy and re-working the database to dealer groups to market to more of their customers.”

Jeremy Evans, Marketing Delivery managing director, described legitimate interest as a “short-term sticking plaster” and said it is no long-term replacement for the application of comprehensive enquiry management best practice, including processes for securing and recording consent.

He added: “Legitimate interest allows a dealer to contact customers in an active enquiry cycle today, or existing customers who may have recently visited the showroom or workshop for any aftersales work. But consent is still king. Dealers must proactively seek contact consent from prospects if they are to continue meeting their longer-term marketing objectives, as well as their legal obligations.”

For instance, if a customer enquired about a new car three years ago, but didn’t buy that vehicle, dealers should not claim they have a legitimate interest if they then retarget that same customer today. This is only possible if the dealer has previously gained consent from the customer to contact them again.

Evans said dealers have invested time in improving enquiry management processes, and sales staff trained in those processes often get growth in recorded enquiry volumes.

Many also get rising consent rates, enabling them to contact those prospects with future marketing, too. This remains the case even in instances where showroom traffic has fallen over the same period.

Marketing Delivery’s own data shows that when comparing pre-GDPR to Q4 2019 the capture rates are broadly level for both email and SMS.

The upshot is that email consent has stabilised around the 70% mark after GDPR, while SMS consent has dropped to the mid-50s.

Marketing Delivery also compared volumes of recorded enquiries in 2018 vs 2019, using like-for-like dealer clients (same dealers across both years).

Recorded enquiries in 2019 among this group of dealers totalled 626,962, compared to 496,295 in 2018 – an increase of 26%. This backs up Marketing Delivery’s view that concentrating on data processes and recording all leads has benefits for dealers, despite a perceived drop in in-bound enquiry levels or showroom traffic.

Dom Threlfall, Pebley Beach managing director, said customers are much more aware of their own rights with regards to their data and that the press around GDPR was so high profile in 2018 that it also means there is an acceptance around consent.

Pebley Beach started preparing for GDPR in December 2016, way before the deadline, and its DMS, Pinewood Pinnacle, was GDPR-compliant before the implementation date too.

The dealer group has a GDPR refresher course that staff go through on a regular basis. There is also a section on GDPR for all new starters which is a little more in-depth.

Threlfall said: “The important thing is that you can show that staff have had training and refreshers and that process is documented.

“The things that have caught some staff have been more on the physical side where documents may be left on a desk between fetching a coffee. Small things, but they’re the sort of things you need to catch and be mindful of.”

Threlfall said there has been a drop in the number of people the business is mailshotting, but that has been a benefit because its marketing is now more targeted and costs have been reduced.

He said: “We were contacting too many people before, but now our data is much cleaner and we’re seeing a greater click-through rate in comparison to before.”

Pebley Beach is now rated at 95% for data health by its manufacturers. This means all the information in the fields is in the right place and there aren’t errors in the database.

Threlfall said: “We are lucky to have a 60-70% customer retention rate anyway, but I have seen other businesses that have had a dramatic increase in their data health since GDPR. Before, they were logging details on scraps of paper, but now there are more professional processes in place.”

The ICO would not comment specifically on the performance of the automotive industry, but said the focus for businesses had gone from baseline compliance to accountability.

Elizabeth Denham, ICO UK information commissioner, said: “Organisations need to shift their focus to accountability with a real, evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated.

“Strong accountability frameworks are the backbone of formalising the move of our profession away from box-ticking.”

Is a fine for the automotive industry on the cards?

The ICO has already shown its teeth for GDPR enforcement, with high-profile fines for British Airways and Morrisons.

Following an extensive investigation, the ICO issued a notice of its intention to fine British Airways £183.39m in July last year for GDPR infringements after data on 500,000 customers was compromised.

The High Court ruled last year that Morrisons was vicariously liable after a former employee posted the names, addresses, bank account details, national insurance numbers and salaries of more than 100,000 employees online. More than 5,500 claimants are seeking a payout in the case.

Morrisons has appealed the case and the Supreme Court will deliver a verdict this year.

Threlfall thinks it’s possible the ICO could make an example of a dealer group this year.

He said: “It will have to be a persistent offender or a business that has a systematic failing in how they’re handling data. There might be breaches or a failure in process, but if that’s reported or handled, I can’t see the ICO auditing a dealer group just for that.

“It’s where there are persistent failures that there will be a problem, and from my perspective it feels like the good retailers have taken this seriously.”

Brown said an ICO fine is one of the biggest risks to the automotive industry right now.

He thinks that if there is a fine, it will be for systematic failures to act on customers’ opt-out requests.

Brown said: “There still aren’t processes in place with many dealer groups to make sure that when customers do opt out that request is actually processed.

“It will come through to the sales team or someone in the business will pick it up and forget about it. We have seen cases where a customer has got in contact nine times to be removed from a mailing list.

“If you’re repeatedly failing to respect a customer’s wishes, that’s going to attract the ICO’s attention.”