We continue to see cases whereby a member of the public is looking for a cash payout for what they claim as a personal data breach. General Data Protection Regulation (GDPR) came into law in May 2018 and was incorporated into the updated Data Protection Act 2018 (DPA). Although data protection is less talked about now, it still applies. Dealers and garages must continue to monitor how they treat personal data and review their privacy policies each year.
The Information Commissioner’s Office (ICO) is the body that deals with complaints in this area and it only takes a simple human error, such as mixing up two customer’s details, for a compensation claim to land in your inbox.
Most fines from the ICO are against large companies that send out unsolicited marketing messages. We Buy Any Car was fined £200,000 in September 2021 for sending marketing emails and texts to people who had previously signed up for an online quote. Sending the quote was fine as this is what was requested, but using their contact details to send further marketing messages was not.
For our dealers, most complaints relate to human error. Complaining customers dream of hundreds, and in some cases, thousands of pounds of compensation as they claim the error has caused them so much distress. In some cases, there will be genuine distress and those cases must be considered appropriately. However, this rarely occurs, and the recent High Court case of Rolfe and others v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB) saw the courts dismiss such a claim for distress with the Master (High Court judge) deciding that no harm was credibly shown when an email was sent to the wrong person in error.
Mistakes do happen, but as with most things, it’s how the mistake is dealt with that will help determine any consequences. If you do find out that details have been sent to the wrong customer, ask the recipient to delete the email, and let the customer who should have received the email know what has happened. These sorts of errors do not need to be reported to the ICO, but you should keep an internal log, so you can monitor if there is a particular member of staff who repeatedly makes these sorts of mistakes.
GDPR is here to stay and while you might not find it very interesting, it will apply to you. And you need to have the right procedures and policies in place. Lawgistics can help your GDPR compliance in two ways. Firstly, our award-winning software, HR Manager, is a secure database to store both employee and customer information, such as employment contracts, sales transactions, warranties, etc. And secondly, we will shortly be launching our new Training Academy, which includes a GDPR Awareness Training bite-sized course that you can use to train your employees and to ensure you are GDPR compliant.
One of the largest independent specialist motor trade brokers in the UK. Our extensive history of supplying insurance to the motor trade means we understand your business needs. By partnering with a specialist insurance broker like us, you get exactly what you need to protect your business.
