GDPR: Understand Data Processing and Take the First Steps

GDPR: UNDERSTAND DATA PROCESSING AND TAKE THE FIRST STEPS

2/9/2018

  • Product :
    • Dealer Management System
    • Tire and Fastfit Solution
    • Mobile Apps
    • Wholesale CRM
  • Categories:
    • Dealer Management
    • Importer Management
    • Automotive Retail
    • Automotive Wholesale
  • Tags:
    • incadea
    • Technology

In the last post we examined what the term “personal data” means, especially in the context of automotive retail. We have also introduced the core element of data privacy: protecting the personal data that was entrusted to us and making sure that only authorized persons can use it for valid reasons.

 

 

Now, what does “using data” mean, exactly?

In data privacy, using data is “processing” and here is how it is defined by the Article 4 GDPR:

“… any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”

To put it simply, processing data is everything from something as simple as looking at it to performing complex data analysis procedures.

To process data, you need to have the legal basis, “the green light” to do so. Article 6 GDPR defines six legal reasons to process data. Here they are, accompanied by examples from typical dealer operations:

  • To protect the vital interests of the data subject – contacting vehicle’s owners to perform a safety service campaign
  • Legal obligations – keeping individuals’ data of posted invoices or informing of suspicious purchases to authorities
  • Performance of a contract – collect and transfer data to check the credit rating of a customer looking to purchase a vehicle
  • Legitimate interests – sending payment reminders or advising a customer to do an additional repair to keep their vehicle functioning properly
  • Public interest – not so common in dealers businesses
  • Consent – this is the legal basis for everything else, and an important one!

 

Consent is key for most marketing and CRM activities.

The requirement to have it has been around for a while, but with GDPR there are a few important factors to keep in mind:

  • Consent should be given freely and explicitly, with a positive action such as ticking a checkbox or signing a form. This means no pre-ticked checkboxes anymore, and no implied consent.
  • The customer needs to understand clearly what they are giving consent for. The explanation must be easily accessible, concise and explain in simple terms what the customer can expect.
  • Customer needs to consent separately to separate data processing purposes. For example, if you want the customer to accept your terms of business and to subscribe to your newsletter, you need two checkboxes.
  • It must be easy to withdraw consent. You should record what the customer agreed to, how they did it and implement mechanisms for the customer to update their preferences.

 

 

So what do you need to do to prepare for the May 25 deadline? Get started with the following:

  1. Think, what personal data you are collecting and for what purpose. Check the list of legitimate reasons above – you need at least one of them to apply.
  2. Check whether you need and have explicit consent for any of your processing activities.
  3. Plan where and how you are going to capture consent both for your existing and future customers.
  4. Implement mechanisms to store and update consent information.

Now, to get you started on the IT part, we will provide some pointers in our next article. Stay tuned!

RELATED BLOG

Cracking the Code on Generation Z: Three Ways to Prepare for Your Future Customers

With the rapid aging of society within developed regions such as North America, East Asia, and the European Union, automobile manufacturers and retailers need to prepare to target younger consumers.

READ MORE

The D in GDPR: Personal Data in the Context of Automotive Retail

Let us take you through the main concepts and implications, without the intimidating legal terminology.

READ MORE

Is Japan the most innovative country in the world?

When you think of the most advanced countries within the technology or IT industries, among the first to come to mind is Japan. High expectations vs. reality.

READ MORE
RECENT BLOG

Are your DMS and other systems GDPR-compliant? A guide to assessment.

Understand how to assess various software you might be using in your dealership to make sure you are compliant with GDPR.

READ MORE

How to Ensure a Smooth Transition to a new DMS for Your Dealership’s Team

The best way to ensure the switch will go smoothly is to use all three ways to train your employees: online e-learning, on-site training, and post go-live support.

READ MORE

How to Increase Your Dealership’s Aftersales Revenue

Aftersales revenue is becoming increasingly important for car dealerships, especially in mature markets. Read on to see some tips on how to use your KPIs to increase your aftersales revenue.

READ MORE