Satnav address records and Bluetooth phone information stored on used cars and vans are set to create a headache for remarketing companies with the arrival of General Data Protection Regulation (GDPR) next year, says the Vehicle Remarketing Association (VRA).
The trade body, which represents companies that are involved in remarketing more than 1.5 million vehicles every year, says that the principle of personal data within GDPR means that the information should be removed before sale – but that doing so wasn’t always easy.
Sam Watkins, deputy chair at the VRA, said: “Anyone who has bought a used car in the last few years will know data such as satnav and phone records from the previous owner is often not removed when a vehicle is sold.
“It’s probably a good idea in general that this data should be deleted – it provides a very good indication of a person’s movements, work and social activities – but GDPR makes it a legal responsibility. At some point in the supply chain, it has to be deleted. The question is - who should be responsible for doing this?
“The problem is that each different manufacturer and sometimes different model has its own way of deleting these records, plus it is quite time consuming. If you are processing thousands of ex-fleet vehicles through an auction every week, it’s a genuine headache.
“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others.”
Tim Bailey, fleet services director at Auxillis Services, a vehicle rental company providing replacement vehicle services, said: “We have been aware of the GDPR legislation for some time and preparing for this legislation in a number of areas.
“Since the end of last year, on collection of vehicles from our customers, we remove all previous satnav and in car phone records, as a matter of course. Given the varying methods employed by the manufacturers, this is no easy task but is essential nevertheless.
“Any record that can be tied back to an individual needs to be dealt with in accordance with GDPR and your company’s resultant control policies.”
General Data Protection Regulation will replace the Data Protection Act 1998 (DPA) in May, 2018. It is European legislation designed to unify the separate EU member states’ regulations and to give people living in the EU more control over their personal data.
Fundamentally, GDPR is the same as the Data Protection Act but there is a high degree of emphasis on accountability and transparency, and businesses must demonstrate and create robust audit trails for compliance and decision making.
The new law also comes with significant penalties, with much wider scope than the DPA - for data processors now as well as data controllers. Ultimately, companies can be fined up to 4% of their worldwide turnover.
The issue of GDPR was raised at the September member meeting of the VRA, which was attended by more than 30 industry experts and took place at the premises of Fleet Auction Group in Coalville, Leicestershire.
More articles on:
Gareth has more than 20 years’ experience as a journalist having started his career in local newspapers in the 1990s. Prior to joining Fleet News in 2008, he worked in the public sector as a media advisor and is currently news editor at Fleet News.
Gary Hibberd - 06/03/2018 16:49
Interesting article... But this is relatively easy to answer. The responsibility rests with the Data Subject to remove their data. But it would be prudent for the the company who are selling the car to end-users to check the data has been removed. To be honest, this isn't only a Data Protection matter - it's good customer service! When buying a car (new or used) I expect the car to come to me 'like new'! That means the glove compartment better be as clean as the boot. And I expect the radio stations to blank (as well as the History on SatNav). This isn't rocket science. Car dealerships often state they have a' 50 point inspection' on all new and used vehicles... So make it 51!! As an Information Security and Data Protection specialist, I find articles like this interesting but ultimately frustrating. We're effectively stood on the deck of the Titanic, worried about ice in our drinks but ignoring the iceberg ahead. Start with the big stuff... and sweat the small stuff later!