With the approaching deadline of 25 May 2018 for all organisations to comply with the new General Data Protection Regulation (GDPR), it is imperative that organisations have a compliance strategy in place, as failure to comply will result in extremely harsh fines”, said Sue Robinson, Director of the National Franchised Dealers Association (NFDA).
Failure to comply with GDPR can result in fines of up to €20 million or 4% of annual turnover for the most serious contraventions. Following the first workshop run by NFDA solicitors TLT on 11 April, a second one will take place on 6 July. A further workshop will follow in the summer.
Some of the crucial steps that organisations must take now include:
Carrying out a data mapping exercise to understand how their personal data are being collected and used
Reviewing contracts which include data processes and data sharing with third parties
Reviewing cases where personal data is processed based on the "consent" of the individual
Ensuring current privacy notices have mandatory information required under GDPR
Appointing a Data Protection Officer (DPO) where necessary
Ensuring that language used in privacy notices is clear, concise and easy to understand and that contractual provisions clearly set out the rights and obligations of both parties.
Robinson continued, “To assist NFDA members in meeting the challenge of compliance we are running a further workshop to outline the necessary steps required. We have also drawn up a questionnaire and a letter which dealers can send to suppliers, manufacturers, Dealership Management System providers (DMS), insurers and finance houses to understand how they are using their data.
“We have contacted manufacturers to request what steps they are taking to ensure that there is a co-ordinated industry approach. Preparing for compliance will take significant time and resources and putting in place a GDPR implementation programme is a critical priority to ensure that businesses can continue to use and share data in compliance with applicable laws.
“We urge dealers to take the whole GDPR issue very seriously and contact us to attend the workshop or if they need any further guidance on the issue.”
NOTES TO EDITORS:
About the RMI
The Retail Motor Industry represents the interests of operators in England, Wales, Northern Ireland and the Isle of Man providing sales and services to motorists and businesses. The RMI has a formal association with the independent Scottish Motor Trade Association which represents the retail motor industry in Scotland.