Compare cars side by side to save time clicking backwards and forwards between them.
Maximum number of cars added to compare list.
We need your postcode in order to provide accurate search results.
The NFDA has arranged a face to face workshop with our retained Solicitors TLT in relation to the changes to the General Data Protection Regulations (GDPR).
The session will run from 10:00am to 4:00pm on Tuesday 11 April and will be held at TLT’s offices at 20 Gresham St, London EC2V 7JE. Places will be allocated on a first come first served basis and will be limited to one place per company. Please contact firstname.lastname@example.org to secure your place.
Topics will include:
Please find below a summary of the key changes being introduced by the General Data Protection Regulation (GDPR).
A new data protection law (GDPR) is now in force and dealers have until 25 May 2018 to fully implement the new regime. Preparing for compliance will take significant time and resources. Failure to comply can result in fines of up to 4% of annual turnover. Putting in place a GDPR implementation programme is therefore a critical priority to ensure that dealers can continue to use and share data in compliance with applicable laws. A summary of key changes is set out below.
The GDPR introduces more stringent requirements in terms of the information to be provided to individuals to make the processing of personal data fair and lawful. All processes for collecting personal data need to be reviewed and changes made to privacy notices and documentation containing information about how an individual’s data is processed to ensure that new mandatory provisions are included.
When dealers process personal data for marketing purposes, they will need to ensure that they obtain the consent of the individual to process their personal data. The requirements for
consent under the GDPR are much higher than under current data protection legislation,
therefore, if dealers wish to continue to use personal data already collected and personal data it will collect in the future it must ensure that the consent of the individual has been obtained in accordance with the requirements of the GDPR.
Dealers must only use data processors which take such security measures and comply with all other requirements of the GDPR. They must also ensure that when appointing a third party to process personal data (for example an IT provider) or sharing personal data (for example with a manufacturer) there are adequate contracts in place containing mandatory processing clauses.
Dealers need to review all their data sharing arrangements to ensure that adequate contractual provisions are in place and if not, that appropriate clauses are drafted and contracts amended or re-negotiated.
Dealers must be able to demonstrate compliance with the GDPR. If they fail to do so they may be liable for a fine for non-compliance under the GDPR (see section 5 below). Demonstrating compliance can be done in many ways. Dealers will need to consider if they need a data protection officer or other responsible individual to manage data protection compliance in the dealership and put in place measures to ensure that a record of the personal data processed is maintained, there are adequate policies and procedures in place relating to the collection and use of personal data and that all people responsible for processing personal data are trained on their obligations under the GDPR.
The GDPR introduces mandatory notification of data breaches to the ICO and the data subject in certain circumstances. One of the headline changes is the substantial increase in the maximum level of fine it is possible to impose. The new maximum level of fine is the greater of €20 million or 4% of total worldwide annual turnover.