EU GDPR – Automotive OEMs Must Help Dealers Adapt to the New Requirements
Data collection affects more than just Google, Facebook and WhatsApp.
Automotive OEMs collect data as well. Data about repairs, diagnostics, geolocation and even vehicle misuse are often taken from a vehicle, processed and stored. There is usually a valid reason for data collection. For example, data can be used to perform a diagnosis or to monitor a product’s performance in the market.
Most of the time, however, customers are not told about data extraction from their vehicles. When a workshop order is signed, the workshop rarely explains which data will be acquired, why it is being acquired or how it will be processed.
This will have to change with the EU General Data Protection Regulation (GDPR), which requires automotive OEMs and dealers to inform customers about data acquired during a workshop visit. The GDPR requires dealers to provide crystal clear descriptions of the reasons for data extraction, processing and transfer when they connect a vehicle to diagnostic equipment. Dealers can only comply with this requirement by cooperating closely with OEMs, with the OEM monitoring the use of data just as it monitors repairs and workshop competence.
Adapting to GDPR requirements
Currently, OEMs tend to focus on providing data processing declarations and obtaining customer consent for data processing for marketing purposes. With GDPR, they will have to supply their dealers with information about data processing. Dealers will have to adapt their dealer management systems (DMS) and customer communications to include this information.
Managing these adaptions properly, and with due diligence, will be a huge challenge for dealers, particularly small and medium sized ones. They will not have the management bandwidth to adapt their processes to GDPR requirements without OEM support.
What needs to be done
- OEMs must describe, in clear, simple language, how dealers should integrate the new requirements for handling data into their processes. They should provide dealers with a means of doing this without creating new forms and additional paperwork
- Dealers should perform diligent self assessments of their compliance with data processing regulations, supported by capable tools that can be used to manage deviations and close gaps in the process
- Dealers must create data processing directories, which are maintained regularly. They must properly describe the processes that are used to acquire data during sale, warranty or repair and keep this information up date
- OEMs should support dealers by providing them with the appropriate information tools and consultancies to help them learn from best practices
- Processes for protecting individuals’ rights regarding data and for managing data breaches must be set up in dealrships
To help automotive dealers comply with GDPR, we provide a suite of services through our management system, GDPRonline. In addition, our onsite consultants will help dealers perform self assessments, identify gaps and set up action plans.
For further information, please contact:
Global Head of Field Services
t: +49 6128 74873 812
m: +49 172 7648658