Residual satnav address records and Bluetooth information in used cars “are set to create a headache” for remarketers under the incoming General Data Protection Regulation (GDPR), trade body the Vehicle Remarketing Association (VRA) has warned.
Deputy chair Sam Watkins warned that although efforts are already being taken to erase data from used cars’ systems that could map the previous owner’s habits, doing so is going to be a legal requirement under EU-wide GDPR, which comes into force next May.
Watkins said: “At some point in the supply chain, [the data] has to be deleted. The question is – who should be responsible for doing this?
“The problem is that each different manufacturer and sometimes different model has its own way of deleting these records, plus it is quite time consuming. If you are processing thousands of ex-fleet vehicles through an auction every week, it’s a genuine headache.
“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others.”
Tim Bailey, fleet services director at replacement vehicle provider Auxillis Services, said that the company had been preparing for GDPR for a while now.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“Since the end of last year, on collection of vehicles from our customers, we remove all previous satnav and in car phone records, as a matter of course,” he said.
“Given the varying methods employed by the manufacturers, this is no easy task but is essential nevertheless.”
GDPR is to replace the Data Protection Act (DPA) 1998. It places a greater emphasis on the portability and withdrawal of personal data, as well as holding to account not just the data processor who actually uses the data, but the data controller who collects it as well.
If companies are found non-compliant under GDPR, they could be fined up to €20m (£17.7m) or 4% of global turnover, whichever is higher. Under the DPA fines could reach £500,000 at most.