Compare cars side by side to save time clicking backwards and forwards between them.
Maximum number of cars added to compare list.
We need your postcode in order to provide accurate search results.
The NFDA has set up a dedicated GDPR helpline for its members. One of the most popular questions we are asked is around sending service and MOT reminders to customers. For clarity we have included the Q & A below. If you have any queries or questions regarding GDPR compliance please call the helpline on 01788 538303.
“My manufacturer has stated that it would be acceptable for me to contact our long term customers for MOT and service reminders without obtaining consent”
Under the General Data Protection Regulation (GDPR), contacting, for example via email or telephone, a customer about a service and/or MOT reminder is likely to be classed as marketing. This is because in most cases there is unlikely to be a legal obligation on a dealership to inform their customer about a due MOT or service. Whilst many customers are pleased to receive these reminders, they are technically the responsibility of the customer to remember.
This is separate to, for example, vehicle recalls, where there is a legal obligation to inform the customer that their vehicle is under recall.
Therefore, to contact a customer to remind them about an upcoming MOT or service, you will need to consider how you do this in compliance with the GDPR and another price of legislation called the Electronic Privacy Communications Regulations (PECR).
The GDPR sets out a number of legal bases (conditions) for processing personal data. In order to process personal data under the GDPR to remind individuals for example about an upcoming MOT or service you will need to ensure that you meet one of these conditions.
Under the GDPR you can send marketing to individuals by relying on the legitimate interest legal basis. This is set out in Recital 47.
However, although legitimate interests are the most flexible basis for processing, you cannot assume it will always be the most appropriate. An assessment must be made to ensure that the processing meets the threshold required to rely on legitimate interests as a lawful basis and you must advise individuals that they have a right to object to processing under Article 21.
You must, also consider the method by which you are marketing to individuals. This is because PECR states that you have to have consent to send electronic marketing (fax, SMS and email) unless you can rely on an exemption which is called soft-opt in. Note this exemption only applies to the “person” collecting the personal data, therefore if you are using brought in or third party marketing lists it is very unlikely that you can rely on this exemption.
Soft-opt in applies where:
PECR also contains rules relating to live calls and automated calls; general overviews of the rules are set out below:
You do not necessarily need consent to make live calls, however you must comply with the provisions set out above when making calls, therefore all call lists should be screened against the CTPS, TPS and any internal opt-out or suppression lists..
Therefore, you should review (1) how you collected the personal data for marketing purposes; and (2) the method by which you are sending marketing to make sure that where you are sending any marketing, you are complying with the GDPR and where relevant, PECR.