
URGENT NOTICE – LAST FEW PLACES AVAILABLE: General Data Protection Regulations (GDPR) – Workshop for NFDA Members

The NFDA has arranged a face to face workshop with our retained Solicitors TLT in relation to the changes to the General Data Protection Regulations (GDPR).

The session will run from 10:00am to 4:00pm on Tuesday 11 April and will be held at TLT’s offices at 20 Gresham St, London EC2V 7JE. Places will be allocated on a first-come, first-served basis and will be limited to one place per company. Please contact louisewoods@rmif.co.uk to secure your place.

Topics will include:

  1. Top 5 tips on how to complete each of the required actions set out in the ‘Roadmap to Compliance’ document.
  2. A practical workshop covering areas of compliance as set out in the ‘Roadmap to Compliance’ which impact dealers and suggested approaches to deal with these.
  3. An interactive feedback and information sharing session for dealers to discuss day to day GDPR compliance issues and how these could be overcome and/or mitigated.
  4. A discussion on how we can ensure a common approach with manufacturers and suppliers (e.g. CDK).

Please find below a summary of the key changes being introduced by the General Data Protection Regulation (GDPR). 

A new data protection law (GDPR) is now in force and dealers have until 25 May 2018 to fully implement the new regime. Preparing for compliance will take significant time and resources. Failure to comply can result in fines of up to 4% of annual turnover. Putting in place a GDPR implementation programme is therefore a critical priority to ensure that dealers can continue to use and share data in compliance with applicable laws. A summary of key changes is set out below.

1. Collecting and using personal data

The GDPR introduces more stringent requirements in terms of the information to be provided to individuals to make the processing of personal data fair and lawful. All processes for collecting personal data need to be reviewed and changes made to privacy notices and documentation containing information about how an individual’s data is processed to ensure that new mandatory provisions are included.

2. Use of personal data for marketing purposes

When dealers process personal data for marketing purposes, they will need to ensure that they obtain the consent of the individual to process their personal data. The requirements for consent under the GDPR are much higher than under current data protection legislation. Therefore, if dealers wish to continue to use personal data already collected, and personal data they will collect in the future, they must ensure that the consent of the individual has been obtained in accordance with the requirements of the GDPR.

3. Data sharing arrangements

Dealers must only use data processors which take such security measures and comply with all other requirements of the GDPR. They must also ensure that when appointing a third party to process personal data (for example an IT provider) or sharing personal data (for example with a manufacturer) there are adequate contracts in place containing mandatory processing clauses.

Dealers need to review all their data sharing arrangements to ensure that adequate contractual provisions are in place and if not, that appropriate clauses are drafted and contracts amended or re-negotiated.

4. Demonstrating compliance and accountability

Dealers must be able to demonstrate compliance with the GDPR. If they fail to do so they may be liable for a fine for non-compliance under the GDPR (see section 5 below). Demonstrating compliance can be done in many ways. Dealers will need to consider whether they need a data protection officer or other responsible individual to manage data protection compliance in the dealership. They will also need to put in place measures to ensure that a record of the personal data processed is maintained, that there are adequate policies and procedures in place relating to the collection and use of personal data, and that all people responsible for processing personal data are trained on their obligations under the GDPR.

5. Data breaches and sanctions for non-compliance

The GDPR introduces mandatory notification of data breaches to the ICO and the data subject in certain circumstances. One of the headline changes is the substantial increase in the maximum level of fine it is possible to impose. The new maximum level of fine is the greater of €20 million or 4% of total worldwide annual turnover.

Posted by Sue Robinson on 17/03/2017