Whenever a new piece of legislation comes into effect, you can bet that there will be a degree of scaremongering across the motor industry. GDPR is no different and, with penalties for businesses that do not comply ranging up to 4% of turnover, you can see why dealers might worry.
But I have good news: if you are being sensible with how you store and use data, you are unlikely to have any problems.
What do I mean by “sensible”? Well, there are a number of points you need to tackle but none of them should cause well-managed dealers too many problems. Fundamentally, you need to break the issue down into a handful of questions:
Can you justify why are you keeping hold of customer data? Do you have permission to use it in the way you want to? Is it being stored securely and anonymised where necessary? What measures are in place to ensure data is kept up to date? Can you effectively remove customer data from your systems? Are your systems set up to reflect these points? An excellent place to start answering these question is the Information Commissioner’s Office web site – ico.org.uk – which provides guidance that, to our mind, strikes a good balance between thoroughness and brevity. If you need to know the fundamentals of GDPR, visit there now. There is little point in me repeating it here. Instead, I’d like to talk about our specialist area at iVendi – online systems and how they may be affected by GDPR.
We believe that the biggest danger area here will be duplication of data across different systems. If, like ours, all the data for different parts of your online activity are stored in one place, then you will be fine, but some dealers use a piecemeal approach to their online activity, with customer data potentially duplicated in two, three or more systems.
This undoubtedly creates a host of problems and you will need watertight procedures in place to ensure that any change to data in one place is duplicated in others, and that the way GDPR applies to one use of the data on one platform also applies to others.
There is no easy way to do this other than through fairly laborious manual processes that are prone to error or avoidance, or by creating routines that will automatically duplicate the data. The latter could be quite time-consuming, expensive and difficult.
This, we believe, is where dealers will need professional help and advice – either to make their existing duplicate systems compliant or to look at new ways of handling their online activity to remove the need to store information in more than one place.
We would, of course, be pleased to help and offer guidance to existing iVendi customers and others facing these issues. In the meantime, good luck with implementing GDPR.