The D in GDPR: Personal Data in the Context of Automotive Retail

THE D IN GDPR: PERSONAL DATA IN THE CONTEXT OF AUTOMOTIVE RETAIL

19/12/2017

At this point, you must have heard about the General Data Protection Regulation (GDPR), the impending May 25th 2018 milestone and the horrendous fines for non-compliance. First of all, don’t panic: keep in mind that the famous 20 million euro or 4% of the global turnover (whichever is higher) is the highest fine, applied to serious breaches. 

 


Secondly, take a few minutes to understand how this new data protection law affects car dealers. Let us take you through the main concepts and implications, without the intimidating legal terminology.



What is personal data?

Personal data, in the context of data privacy is more than what we find on a typical ID card - the term has a broader meaning. Article 4 of GDPR defines it as “any information relating to an identified or identifiable natural person”. Think about the data handled by a dealer relating to a person: from the contact information down to the brand of engine oil used during the last maintenance, credit limits, purchase intention, models of interest to the number of times the customer declined the workshop’s recommendations.

Think of data as your assets, similar to parts inventory

It is worth seeing personal data as assets needing to be sheltered, similar to the parts stock – we do not leave the parts warehouse open for everyone to help themselves. We make sure controls are in place to account for the parts inventory: only a few people have access and any spare part that is picked has a clear reason to go out e.g. for a car to be repaired. 

Similarly, we must put “boundaries” on the “inventory” of data - a set of controls to let only authorized people access it by “locking” the doors and defining the rules of usage. Just like you would establish rules, which spare parts need to be stored where and the valid reasons for them being taken out of the warehouse.

 



The challenge: Keeping track of and handling large amounts of data

It sounds simple – if we think of paper and filing cabinets – but these days technologies make it harder to identify where the data is. Contrary to physical goods, electronic data can be copied, reproduced and distributed in milliseconds. 

Let’s think of a simple scenario where a person driving to another town experiences a problem with their car.

Searching for a dealership and booking an appointment can be made from the vehicle. The dealer electronically gets not only the name of the person, contact information and the scope of the work, but also possible faulty conditions of the vehicle. Before reception, any situation related to the vehicle can be received from the manufacturer. After work was performed, the manufacturer would like to know what was done to feed a central vehicle history, evaluate workshop performance and even do predictive analysis, likely with artificial intelligence. Thus, personal data has been:

  • Collected: even before meeting the person, the dealer already has a bunch of data
  • Used: to do the repair, report taxes and get paid
  • Generated: by doing the repair, more data related to the individual was “created” - the visit itself, activities done, spare parts replaced, invoice, payment details, etc.
  • Shared with a third party to be used for other purposes.

Today, all this data is considered personal data, and its misuse, intended or not, is what we need to avoid in the spirit of data privacy. The dealer and manufacturer must handle this data with care and avoid unauthorized access. But there is an additional aspect: the control the individual has over the personal data – some activities from this example might stray away from what the person wanted. 

In the following post we look into the legal basis for processing how data.

RELATED BLOG

Cracking the Code on Generation Z: Three Ways to Prepare for Your Future Customers

With the rapid aging of society within developed regions such as North America, East Asia, and the European Union, automobile manufacturers and retailers need to prepare to target younger consumers.

READ MORE

GDPR: Understand Data Processing and Take the First Steps

What does "using data" mean and how do you do it right?

READ MORE

Is Japan the most innovative country in the world?

When you think of the most advanced countries within the technology or IT industries, among the first to come to mind is Japan. High expectations vs. reality.

READ MORE
RECENT BLOG

Are your DMS and other systems GDPR-compliant? A guide to assessment.

Understand how to assess various software you might be using in your dealership to make sure you are compliant with GDPR.

READ MORE

How to Ensure a Smooth Transition to a new DMS for Your Dealership’s Team

The best way to ensure the switch will go smoothly is to use all three ways to train your employees: online e-learning, on-site training, and post go-live support.

READ MORE

How to Increase Your Dealership’s Aftersales Revenue

Aftersales revenue is becoming increasingly important for car dealerships, especially in mature markets. Read on to see some tips on how to use your KPIs to increase your aftersales revenue.

READ MORE