EU GDPR – Why Automotive OEMs Must Support Their Dealers
When it comes to the EU General Data Protection Regulation (GDPR), automotive OEMs, import companies and national sales companies (NSCs) must work together. None of these can solve issues on their own.
Today, collaboration is mostly limited to documents and systems. However, with the arrival of the GDPR, automotive OEMs will need to provide their dealers with process support.
The Manufacturer’s Warranty
The manufacturer’s warranty provides a good example of how OEMs and dealers will have to work together. The warranty is a contract between the OEM and the customer. The OEM pays for repairs under warranty and acts as data controller, determining which data is required to diagnose a fault and repair it. Warranty manuals and processes direct the dealer in regard to which data should be collected and transmitted to the OEM.
Data received by the OEM is processed and then stored, ready to be analyzed when product issues come up in the future. According to the German Automotive Manufacturers’ Association (VDA), all data related to a vehicle identification number (VIN) is personal data. Therefore, all data related to a warranty case is personal data and must be handled as such. This means that, according to the GDPR, the OEM must not use diagnostic data acquired during repairs unless the dealer lets the customer know, up front:
- What data will be acquired by the dealer during the repair
- How this data will be processed and transferred to the OEM
- How long the data will be stored
- What the process for deletion is
This is where collaboration comes in. Just as dealers must help OEMs by providing technical competence and ensuring customer satisfaction, so must OEMs support dealers by guiding them toward excellence in data protection. An OEM that allows a dealer to struggle with data protection on its own will be in the same situation as an OEM that does not pay attention to the dealer’s technical competence or dealings with customers.
How SGS can help
To help automotive dealers comply with GDPR, we provide a suite of services through our management system, GDPRonline. In addition, our onsite consultants will help dealers perform self assessments, identify gaps and set up action plans.
For further information, please contact:
Global Head of Field Services
t: +49 6128 74873 812
m: +49 172 7648658