GDPR: Understand Data Processing and Take the First Steps



In the last post we examined what the term “personal data” means, especially in the context of automotive retail. We have also introduced the core element of data privacy: protecting the personal data that was entrusted to us and making sure that only authorized persons can use it for valid reasons.



Now, what does “using data” mean, exactly?

In data privacy, using data is “processing” and here is how it is defined by the Article 4 GDPR:

“… any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”

To put it simply, processing data is everything from something as simple as looking at it to performing complex data analysis procedures.

To process data, you need to have the legal basis, “the green light” to do so. Article 6 GDPR defines six legal reasons to process data. Here they are, accompanied by examples from typical dealer operations:

  • To protect the vital interests of the data subject – contacting vehicle’s owners to perform a safety service campaign
  • Legal obligations – keeping individuals’ data of posted invoices or informing of suspicious purchases to authorities
  • Performance of a contract – collect and transfer data to check the credit rating of a customer looking to purchase a vehicle
  • Legitimate interests – sending payment reminders or advising a customer to do an additional repair to keep their vehicle functioning properly
  • Public interest – not so common in dealers businesses
  • Consent – this is the legal basis for everything else, and an important one!


Consent is key for most marketing and CRM activities.

The requirement to have it has been around for a while, but with GDPR there are a few important factors to keep in mind:

  • Consent should be given freely and explicitly, with a positive action such as ticking a checkbox or signing a form. This means no pre-ticked checkboxes anymore, and no implied consent.
  • The customer needs to understand clearly what they are giving consent for. The explanation must be easily accessible, concise and explain in simple terms what the customer can expect.
  • Customer needs to consent separately to separate data processing purposes. For example, if you want the customer to accept your terms of business and to subscribe to your newsletter, you need two checkboxes.
  • It must be easy to withdraw consent. You should record what the customer agreed to, how they did it and implement mechanisms for the customer to update their preferences.



So what do you need to do to prepare for the May 25 deadline? Get started with the following:

  1. Think, what personal data you are collecting and for what purpose. Check the list of legitimate reasons above – you need at least one of them to apply.
  2. Check whether you need and have explicit consent for any of your processing activities.
  3. Plan where and how you are going to capture consent both for your existing and future customers.
  4. Implement mechanisms to store and update consent information.

Now, to get you started on the IT part, we will provide some pointers in our next article. Stay tuned!


Cracking the Code on Generation Z: Three Ways to Prepare for Your Future Customers

With the rapid aging of society within developed regions such as North America, East Asia, and the European Union, automobile manufacturers and retailers need to prepare to target younger consumers.


The D in GDPR: Personal Data in the Context of Automotive Retail

Let us take you through the main concepts and implications, without the intimidating legal terminology.


Is Japan the most innovative country in the world?

When you think of the most advanced countries within the technology or IT industries, among the first to come to mind is Japan. High expectations vs. reality.


Mechanic's efficiency in incadea.dms

Nowadays, modern DMS has to satisfy various functional criteria required by car dealerships. One of the most demanded functions is calculating mechanic's efficiency.


Handling of Repeated Repairs in the incadea.dms

Good service managers know that repeated repairs jobs are very costly and time-consuming, but the poor quality of the initial work can take its toll on the customer base and dealership reputation.


Efficient system solutions to follow Industry Standard in the Workshop!

Efficient system solutions like fluid management systems, lubricant dispensers, and portable pumps provide speed, accuracy, and flexibility to handle liquids in the workshop.