Last year, the government launched a consultation on the proposed changes to the UK’s data landscape called Data: a new direction.
The government’s response will be published in spring of this year and we will keep you updated on any changes that may affect the motor trade. There are some elements that may be of interest moving forward, as they are suggesting changes to data breach reporting, the need for a Data Protection Officer, and proposals relating to charges for data subject access requests. As this is a consultation, any changes will not be happening soon, however, it is a good reminder that GDPR or its future reincarnation, is here to stay.
Hopefully, you already have this practice in place, but it is always a good idea to conduct an annual GDPR audit and review your privacy policies and procedures. Your Information Commissioner’s Office (ICO) reminder to pay your data protection annual fee for processing personal data should be a trigger to action this annual audit. If you are now thinking: “we don’t get a reminder and we don’t pay any fee to the ICO”, then you will need to check on the following link as some companies are exempt:
https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
We have noticed some of our members’ privacy policies don’t include that they record inbound and outbound calls, and/or they may also omit that CCTV is captured on the premises. These all need to be included in your privacy policy, and if you are recording this data, then you should certainly be paying an annual fee to the ICO.
The ramifications for not having the correct policy and procedures in place could be costly, not only by a fine from the ICO for not paying your fee, but also by being reported for data breach. Now, this could be a simple error that is easily rectified and you believe there has been no serious damage caused, but unfortunately, it is not always that clear cut.
We had a recent case where our member was unable to evidence that a consumer had consented to his information being passed on to a third party. The customer was encouraged by their solicitor to make a complaint to the ICO. The ICO concluded that a breach had occurred and they considered the matter closed as our client had provided the correct rectification. However, the solicitor further encouraged the customer to take it to court. Our member opted to settle out of court rather than take the risk of a court decision.
Our HR Manager software, which is free to our members, helps dealers conduct their GDPR audits and keep on the right side of any breach and consequential claim. Or, if you are unsure and need assistance with GDPR issues, you can give us a call for any advice.

Need help with keeping on track with FCA Regulation and Compliance? Partner with Automotive Compliance
