Legal Article - Business Law

Step 2  - Information you hold

Compile a list of what personal data you hold, where it came from and who you share it with. For car dealers and garages, you are likely to have paper sales invoices,  electronic sales invoices, lists of customers and dates their MOTs and services are due, employee details, prospective customer details, previous customer details, IP address information from website visits and marketing lists complied by either yourselves or third parties. 

If you are a Main Dealer and pass information onto your manufacturer, you must make sure the personal data you hold is correct and that you have explicit opt in consent to pass that data on. Manufacturers need to conduct due diligence to ensure any data passed to them has the relevant consent - writing to the customers where consent isn’t clear is not the way to go unless you want a fine as Honda found out to their detriment. If any data is incorrect, you must show you have advised the third party of the error so they can amend their records.  

If you compile a list of the type of personal data you hold, not only will you identify your possible problem areas, you will also have evidence to show the ICO that you are complying with the accountability principle of the GDPR so it’s a double tick exercise. 

Published: 11 Aug 2017

Edited: 30 Nov 1999


To ensure you are a real person signing up and to prevent automated signups (spamming) could we ask you to copy the letters and numbers shown below into the box.

(cAse SeNSItivE!)

There are no comments

Share this Article

Related Articles