The General Data Protection Regulation looks to create new levels of transparency and enchance individuals rights. Data controllers and Processors will also have heightened levels of accountability over data they process and store.
To ensure your dealership doesn’t fall short of GDPR expectations it’s important to evaluate your current data handling procedures. You should be asking yourself the following three questions: What data do we currently hold? Where is this data stored? and Why do we have it?
What data do you currently hold?
First things first, you should be taking a holistic look at your current data handling process and understanding exactly what data you hold. As stated by the ICO*, “You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.”
Where is the data?
Secondly you should be identifying where personal data your dealership holds is stored. Is it stored internally or by a third-party? For instance your customer and prospect data may be stored by a lead management supplier such as Dealerweb who use secure servers. You may also keep paper-based data internally such as old customer records and personel files. Remember that its the responsibility of the dealership to ensure data is stored safely and in compiance with GDPR.
Why do we hold the data?
Finally, ask yourself why you hold the data in the first place. GDPR focuses on accountability and all organisations should be able to clearly identify the need for any personal data stored. Employee, customer and prospect data is all data that is required by franchised dealers, but for how long is reasonable? What is a justifiable amount of time to hold prospect data? _
Remember that before assessing your current data handling situation its crucial to ensure all key decision makers and staff are made aware of the changes GDPR will bring._
*ICO Preparing for GDPR: 12 Steps to take now
Want more? Download our free GDPR whitepaper to ensure your prospect and your customers data stays safe, secure and is held in compliance with the new General Data Protection Regulation.