Safeguarding the customer data that we process on behalf of our integrator partners and clients is one of the most important aspects of the DealTrak platform.
As part of our commitment to Data Protection, we are currently completing ISO27001 certification, seen as the gold standard in data security and infrastructure. To assist us on this certification journey, we have engaged the expertise of Gary Hibberd and the team at Agenci.
In the first of a series of articles, “Getting to Grips with GDPR”, Gary outlines the importance of new regulation in the area of Data Protection and security to the F&I sector specifically, and sets the scene for a challenging year to come.
Just 10 months from now, on May 25th 2018, something significant is happening – the current Data Protection Act (DPA1998) is being replaced by the new General Data Protection Regulations (GDPR).
This new regulatory regime affects every business, including the F&I space within the motor industry. So if this is news to you, it’s time to face the facts and figures:
- If you don’t protect the data you hold correctly, you could face fines of up to 20 million Euros
- It’s an EU regulation, but Brexit won’t affect it
- Individuals have new ‘Rights’ which you need to be aware of
- You will need to seek explicit ‘Consent’ to market to individuals – if you don’t you’ll be in breach of the regulations
- Data Controllers and Data Processors will have almost the same obligations to protect the rights of data subjects
- You need to have a clear process for managing Data breach incidents
Why the change is needed
With the increase in data breaches reported in 2016, and with the recent cyberattack on the NHS and over 100 countries, it should be no surprise that there is a need for greater data protection in our increasingly interconnected world.
Why it’s important to the Motor Industry, and F&I in particular
Take a moment to think about the kinds of information that the Motor Industry gathers from individuals looking to purchase a car and then finance or insure it: name, address, DOB, credit history, passport or driving licence details, utilities, dependents, employment details and salary details, to name just a few.
Now think about the sheer quantity of this information that your business holds. How many personal records do you have? How far back does this information reach?
Under GDPR you will need to know a good deal about the data you hold, and you’ll need to be clear on how you obtained the data, how you store it, who you share it with and ultimately how (and when) you will destroy it.
If you’re wondering whether or not you’re prepared, take a close look at the following statements – can you answer them?
- We hold the following number of records…
- Information (electronic and paper) is held…
- We only share information with…
- If there is a breach the person responsible is…
- We obtained EXPLICIT permission to market to our clients by…
- We have the following security in place…
If you are struggling to answer these questions, it’s time to start educating yourself on GDPR. DealTrak and Agenci are dedicated to helping companies prepare for the new regulations. We understand how significant these changes are and we are committed to preparing for the regulations in a proactive way.
Over the course of the following months we will share our thoughts and experience with you, and look forward to hearing your views too.