Maximum number of cars added to compare list.

What's your postcode?

We need your postcode in order to provide accurate search results.


Enter your full name
Enter a valid phone number

Tick this box to receive the Trusted Dealers newsletter.

Enter your first name
Enter your last name
Enter your phone number

Got a part exchange?

Tell us your reg plate and receive a part exchange valuation on your car?

Tick this box to receive the Trusted Dealers newsletter.

What's this?

Compare cars side by side to save time clicking backwards and forwards between them.



ICO Updates and Fines

The GDPR has effectively rewritten the Data Protection Directive, the mainstay of current data protection regime. From May 2018, the GDPR will have a significant effect on your responsibilities when storing data and the uses you can put data to. All businesses are affected, particularly where they use customer details for marketing purposes or exchange them with other businesses in any way. Failure to get this right can result in fines, or worse.

In this the Sixth of our series covering this significant change to the law, we look in more detail at some recent guidance and fines offered by the ICO as businesses start to take steps in preparation for the 25 May 2018

Registering as a Data Controller

Under the current Data Protection Act (DPA), organisations that process personal information are required to notify with the ICO as data controllers unless an exemption applies. The ICO have provided a simple to use assessment process to ascertain whether you need to be registered which can be found here

If you are a motor trader and not registered with the ICO we recommend that you complete the assessment as a priority and registered as appropriate.

Whilst the notification requirements under the GDPR will change, current proposals continue to make is a legal requirement for data controllers to pay the ICO a data protection fee.

Whilst the proposals are yet to be fixed, the new funding system will come into play from 01 April 2018.  Further details can be found here.

Updating account details and updating databases

In July the ICO issued a timely reminder that anyone looking to prepare for the GDPR must remember that the current law will still have to be considered.

An investigation by the ICO found that WM Morrison Supermarkets PLC (“Morrisons”) sent emails to people in order to invite customer to update their account details. The emails, were titled ‘Your Account Details’ and appear designed to invite customers to change their marketing preferences. As the email offered money off coupons and extra More Points they were deemed to be marketing emails.

Whilst it appears that Morrisons could establish consent to contact their customers generally they did not check whether the consents had been qualified or withdrawn. Unfortunately, 130,671 of those emails were sent to people who had explicitly opted out of receiving marketing emails in breach of the Data Protection Act 1998 and The Privacy and Electronic Communications (EC Directive) Regulations 2003.

It is vital that any members looking to update their customer databases take all reasonable steps to ensure they remain updated. We would also recommend that any emails sent to update databases and consents are only sent to those customers where there are any concerns they any email should not contain any marketing numeration in order to reduce the risk of breaching the current legislation.

GDPR and Consent

Guidance provided by the Information Commissioner on their regular blog continues to clarify some myths surrounding the GDPR.

The Commissioner confirmed that whilst the GDPR rightly focuses on consent and raises the standards required consent is only one reason for processing personal data and is far from the only reason.

Whilst the ICO are yet to finalise their formal guidance  on consent under the GDPR they have produced a draft guidance which can be found here.


The above is a very broad overview of one aspect of the GDPR. The legislation and guidance is still developing in the weeks and months in the run up to their implementation. This advice is general in nature and we will endeavor to keep you informed through regular articles and case studies.

For further information please visit the Information Commissioner’s Office website at:

Remember, as an RMI member you have access to the RMI legal advice line, as well as a number of industry experts for your assistance. Should you require further information in respect of the article above, contact the legal advice line at any stage for advice and assistance as appropriate.

Motor Industry Legal Services

Motor Industry Legal Services (MILS Solicitors) provides fully comprehensive legal advice and representation to UK motor retailers for one annual fee. It is the only law firm in the UK which specialises in motor law and motor trade law. MILS currently advises over 1,000 individual businesses within the sector as well as the Retail Motor Industry Federation (RMI) and its members.


Data Controllers self-assessment:

Changes to the fee regime:

Draft Consent Guidance:


Posted by Sue Robinson on 17/11/2017