Start thinking about how you might breach the GDPR


Breaches by individuals can attract not just fines but criminal convictions.

Author: Nona Bowkis
Reading time: 2 minutes

This article is 4 years old.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

If you follow the ICO’s 12 point GDPR plan which we have explained in more detail at one of our previous articles ‘GDPR and avoiding a fine’, you will know you need to consider what personal data you hold and how you keep it secure.

Breaches by individuals can attract not just fines but criminal convictions as we saw recently when a recruitment manager who sent out 26 CVs to an external recruitment agency without consent from the data subjects  was prosecuted at Birmingham magistrates court under Section 55 of the Data Protection Act. He pleaded guilty and picked up a £994 fine (including costs and a victim surcharge).

If you and your staff want to avoid such prosecution, you do need to make sure you have systems in place together with a good understanding of how to treat people’s personal data.  

Simple and practical actions could include moving filing cabinets of customer invoices to a locked room where people cannot wander in and pick out files, getting staff to sign regular memos reminding them not to leave their work ipad unattended on a desk in a customer area and making sure any third party information processors are fully aware of the GDPR.      

Start talking to any parties who hold or process data for you as if you give them personal data, the onus is on you to ensure they keep that data secure and only use it for purposes for which consent has been freely given. Some third party organisations are already getting on board, for example, Dealtrak who provide a Platform for finance applications, have said they are working towards ISO27001 qualification which is part of the ISO27000 family which sets international standards for keeping information assets secure.

Who are your data processors and controllers and what are they doing to comply? 

Nona Bowkis

Legal Advisor

Read more by this author

Getting in touch

You can contact us via the form or you can call us on 01480 455500.