AM Online

Guest opinion: Why customer communication is the key to GDPR compliance

Paul Muers, global business development manager at autoVHC

Personal data is at the core of most businesses and forms the basis of a wide range of activities, from sales and marketing to customer relationship management;  but the ways we are able collect, store and use it are set to undergo a radical overhaul.

In May 2018, the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR) which will provide a framework with greater scope and tougher punishments for those who fail to comply with new rules around the storage and handling of personal data.

So, what exactly are the new rules?

Under GDPR the main change (and challenge) for businesses focuses on consent and the need to verify how, when and why personal information is collected, and that an individual has given their express permission for data to be used.

Even if a customer gives permission for their data to be used, it can be reversed.

The new rules will make it easier for customers to withdraw consent for the use of their details at any time.

Additional conditions of the GDPR will give individuals the right to request that an organisation discloses any personal data it holds on them (“the right of access”) and will also allow individuals to move personal data between service providers (“the right to data portability”).

Failure to comply with the GDPR could result in a fine of up to €20 million or 4% of annual turnover for the most serious contraventions.

What does the GDPR mean for dealerships in relation to vehicle aftersales?

The collection and use of customer data has a huge role to play in both business performance and customer retention.

On a daily basis, aftersales departments will use this information to market vehicle servicing and MOTs, to remind motorists when repair work is due, to alert them to beneficial offers or even just to thank them for their loyal custom.

Follow-ups, whether by phone, email, SMS or post, all require the use of personal information.

If members of the public have not given explicit consent for their data to be used in this way, then simple actions such as MOT and service reminders could become problematic – a sobering thought considering the typical service department makes up 50% of a dealership’s overall profits.

How can dealerships mitigate the risk?

As an initial call to action, franchised dealers should review their current approach to data collection, storage and use.

Although many of the GDPR’s main concepts echo those in the current Data Protection Act (DPA), there are many new elements and even existing principles may need to be actioned differently.

To help businesses prepare for the arrival of the GDPR, the Information Commissioner’s Office has set out a 12-step guide, featuring areas for consideration.

For aftersales departments in particular however, it’s also worth making a concerted effort to improve communication with customers.

As technicians know, a vehicle health check system represents a legitimate reason to collect and retain customer data. But how many customers are aware of this?

Now is the perfect time to remind motorists of the benefits that eVHC systems can offer, all of which necessitate the collection and use of personal data. This includes

1)Safety as a service
Electronic vehicle health check systems often feature an integrated SMS/email reminder function which uses stored data to automatically contact customers and remind them that their vehicle is due a service. By the same means, aftersales departments are also able to send timely reminders for repairs which, though not essential at the time of service, will become more pressing with time. Instead of leaving a customer to face the inconvenience of a vehicle fault, a quick reminder could ensure that issues are addressed before they become problematic or even dangerous.

2)Transparency and trust
Consensual use of email addresses means that technicians are able to supply customers with video/photographic evidence relating to any repair work that is required. Similarly, if recorded at the time of service, images of less urgent repairs can be stored against a customer’s details and reintroduced at a later stage. Such levels of transparency help to create a service that customers can have faith in while building a lasting level of trust.

Ultimately, it’s up to customers whether they want to give consent for their personal details to be collected and used.

Providing a transparent, detailed reasoning for data collection will, however, help customers make a more informed decision (and give your aftersales department peace of mind, knowing actions are fully GDPR compliant).

Author: Paul Muers, global business development manager at autoVHC

Click here for aftersales best practice and procurement insight

If you are not a registered user your comment will go to AM for approval before publishing. To avoid this requirement please register or login.

Login to comment


  • Keith - 03/10/2017 20:05

    This is incorrect information, what about lawful basis for processing data. If one considers one has a lawful basis to make contact as with MOT, consent is not required!

  • Keith Owen - 04/10/2017 13:42

    Paul, you are incorrect I'm afraid. Under GDPR you have a lawful basis to process data if you help a customer fulfil their legal responsibilities and MOT is a legal responsibility. It could also be considered that maintaining a vehicle to a road worthy standard is also a legal requirement and therefore a service reminder will also fall under lawful basis and with lawful basis you do not need consent. The customer can trump you but as long as you respect their wishes, there would not be a prosecution. There is no reason to stop service and MOT contact. Further, in the fulfilment of a contract to provide a service, you also have a lawful basis to process data and call a customer, so follow up is unlikely to be a problem. Only advertising and enquiry management will need consent because at this stage there is no contract. The only caveat is that your reminder should not contain advertising whether thats by email, text or phone call.