Residual satnav address records and Bluetooth information in used cars “are set to create a headache” for remarketers under the incoming General Data Protection Regulation (GDPR), trade body the Vehicle Remarketing Association (VRA) has warned.
Deputy chair Sam Watkins warned that although efforts are already being taken to erase data from used cars’ systems that could map the previous owner’s habits, doing so is going to be a legal requirement under EU-wide GDPR, which comes into force next May.
Watkins said: “At some point in the supply chain, [the data] has to be deleted. The question is – who should be responsible for doing this?
“The problem is that each different manufacturer and sometimes different model has its own way of deleting these records, plus it is quite time consuming. If you are processing thousands of ex-fleet vehicles through an auction every week, it’s a genuine headache.
“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others.”
Tim Bailey, fleet services director at replacement vehicle provider Auxillis Services, said that the company had been preparing for GDPR for a while now.
“Since the end of last year, on collection of vehicles from our customers, we remove all previous satnav and in car phone records, as a matter of course,” he said.
“Given the varying methods employed by the manufacturers, this is no easy task but is essential nevertheless.”
GDPR is to replace the Data Protection Act (DPA) 1998. It places a greater emphasis on the portability and withdrawal of personal data, as well as holding to account not just the data processor who actually uses the data, but the data controller who collects it as well.
If companies are found non-compliant under GDPR, they could be fined up to €20m (£17.7m) or 4% of global turnover, whichever is higher. Under the DPA fines could reach £500,000 at most.