Motor trade needs new data skills
Thousands of UK companies involved in the motor trade have been urged to step up preparations for stringent new data protection laws.
The £71 billion vehicle manufacturing and distribution sector needs to start investing in new systems, software and skills to be compliant with the EU General Data Protection Regulation (GDPR).
This new legislation comes into effect in May 2018, replacing existing data protection laws and offering consumers far greater control over their personal information.
It affects all sectors of the automotive industry as it covers any organisation which holds information on EU citizens, making it a global law irrespective of Brexit.
Non-compliance carries fines of up to 20 million euros (or companies may have to pay out 4% of global turnover).
The GDPR will particularly impact on motor traders, as it introduces strict new controls on the way personal information can be requested, held, used and transferred. That includes information obtained when customers make enquiries and data obtained from third parties, right through to information on existing purchasers.
Encryption of data
There are already data protection rules governing the way motor traders deal with personal information, and there is concern that compliance is not as widespread as it should be.
The new law requires tangible proof that auto retailers are providing customers with sufficient instruction on how their information is being collated, what it will be used for, and why.
There are also more complex rules on sharing and disposing of data, and allowing customers access to any personal information stored.
One of the biggest innovations of the GDPR is the mandate that all personal information held on customers or staff will have to be encrypted, and pseudonyms added to protect names. This is to combat the 475% increase in data breaches in 2016. The aim is to ensure that all personal data is useless if it falls into the wrong hands.
For the motor trade and other auto-related industries, it means developing clear procedures on who will hold encryption keys, and under what circumstances data can be “shared” and used, even internally.
Data Protection Officers needed
Compliance with the GDPR has been referred to as a “journey not a destination”. Many companies will need to recruit or appoint data protection officers to oversee the complex new procedures and systems required.
Auto-related companies have also been urged to check their insurance policies carefully. It is vital to have sufficient cyber-security risk cover.