Image description

Don't throw the baby out with the bath water!"

GDPR.  Do you comply?

Don't forget that you can retain customer and prospect details for contact if you have a 'legitimate interest' in doing so.

And that personal information - ie customers - is not the same as business contact information.  Public domain data and the products you supply may give you legitimate interest.    So you fleet team can still prospect.

What is the GDPR?

GDPR is part of the e-privacy legislation that came into force during 2018.  GDPR concerns the personal information of an individual, either privately or at work.  Including their contact information within a companies.  Both limited companies and sole traders.

Step 1.    What reason are you using for retaining the information

Step 2.    Make sure you are storing and saving it correctly.

Step 3.    Make sure you delete it when you are asked.

The first step is simple.  There are a few ways allowed by GDPR for retaining customers data.  Either they gave you explicit permission, they Opted In, or you as a car dealership have a legitimate interest in retaining the information - in which case you don't need the opt in.

You do have a choice.  But you should record which option you chose, why, and if you chose 'legitimate interest' when will that interest run out.   If someone enquired about a roof rack is it legitimate interest to still have their data 4 years later?

The second step is also straight forward.  Are you saving information securely?  Are you saving it in you r building or on the internet.  If it's on the net is it secured in the UK or Europe?

If you transfer it to anyone, should you?  Is that allowed under the act.   If you do transfer it do you do it safely with passwords and data encryption

If you send it to a marketing company, are they based in the UK, do they store it only in the UK or Europe?

Step 3 is probably the most important.  You must have a robust process in place for when a customer asks you to remove their information.    If they ask you, and then you send them 3 emails and two mailshots you will fall foul of the Information Commissions Office.   The fines can be very large.

What is PECR?

PECR is similar to GDPR, but it covers contacts that you have within local business's.   A few of these might be retail customers, but the majority will be fleet and local business users.

According to the Direct Marketing Association, the largest body in Europe for monitoring direct marketing, sending electronic marketing to companies does not require OPT IN.  instead it only needs a 'soft opt out'

So for the time being you can email market all the fleet users you have.   BUT.  You need to be sure where you got the contact information from.  You can only use information if they actually gave it to you, either directly or if you were given it during a prospecting call to the company.

You can't use it if came on a bought list or a list you 'collected' while working for a different dealership.