GDPR – Showing potential customers the V5

legal updates

There doesn’t appear to have been a ruling from the ICO on this but our view is that showing a V5 to a potential buyer is legitimate.

Author: Nona Bowkis
Published: August 5, 2019
Reading time: 2 minutes

This article is 6 years old.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

We are starting to see a few complaints about personal data (in this case name and address) in regard to V5s being shown to potential customers.  

There doesn’t appear to have been a ruling from the ICO on this but our view is that showing a V5 to a potential buyer is legitimate.  To get technical for a minute, if we look at GDPR, recital (50), it states: The processing of personal data for purposes other than those for which the personal data were initially collected should be allowed only where the processing is compatible with the purposes for which the personal data were initially collected.

Breaking this down, the DVLA collect the data because it’s the law. Passing on the V5 to the new owner so they can add their details is then compatible with the purposes for which the original data was initially collected.

Bearing in mind, the Advertising Standards Agency in ‘Glyn Hopkin Ltd and Fiat Chrysler Automobiles UK Ltd’ made clear that dealers must be transparent about the previous owner if it was a hire vehicle etc, then we cannot see how the ICO can expect dealers to somehow redact the information. It is not in the public interest to do so and processing which is “necessary for the performance of a task carried out in the public interest” and “processing which is necessary for the purposes of legitimate interest pursued by the controller or a third party” are allowed under Article 6.

In short, we don’t see a problem but dealers may wish to review their GDPR privacy policy so it reflects the fact that any documents which arrive with a vehicle when it is taken into stock may be shown to any potential buyers and handed to any new owner to ensure the provenance of the vehicle. If you don’t have a GDPR Privacy Policy, Lawgistics members can sign into HR Manager and simply create one for their business.

Automotive ComplianceWE TALK YOUR LANGUAGE, WE KNOW YOUR BUSINESS

Need help with keeping on track with FCA Regulation and Compliance? Partner with Automotive Compliance

Read moreSponsored content
Nona BowkisHead of Legal Services / SolicitorRead More by this author

Related Legal Updates

Time to review your privacy policy?

Our members should be aware of whom they are sharing their data with, and ensure any third-party companies are registered with the ICO.

read more

Data Protection is real and mistakes can cost your business

Most fines from the ICO are against large companies that send out unsolicited marketing messages.

read more

Do you know what a personal data breach is?

If a security incident has taken place, you should quickly establish whether a personal data breach has occurred. If yes, promptly take steps to address it, including telling the ICO if required. You need to keep a log of any breaches, record the details, and actions taken.

read more

Are you ready for the UK’s data landscape change?

The ramifications for not having the correct policy and procedures in place could be costly, not only by a fine from the ICO for not paying your fee, but also by being reported for data breach

read more

Goodbye 2021, hello 2022!

Despite an excess of 100 different commission claims hitting the Lawgistics’ desks, not one single dealer has had to part with their money.

read more

Used cars – a treasure trove of personal data and a data breach in the making

Modern cars pair with smart phones and other electronic devices via Bluetooth or USB and absorb huge amounts of our personal data.

read more

Police ordered to disclose information

Citing the provisions of the Data Protection Act 2018.

read more

Get in touch

Complete the form to get in touch or via our details below:

Phone
01480 455500
Address

Vinpenta House
High Causeway
Whittlesey
Peterborough
PE7 1AE

By submitting this quote you agree to our Terms & Conditions and Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.