GDPR data issue comes under focus by Vehicle Remarketing Association
The issue of how to ensure personal data is removed from fleet vehicles before resale is being spotlighted by the Vehicle Remarketing Association (VRA) ahead of next year’s introduction of the General Data Protection Regulation (GDPR).
As of 25 May 2018, the EU General Data Protection Regulation (GDPR) replaces the Data Protection Act and means that fleet operators will need to have a clear policy and audit trail on what data they are obtaining from vehicles and what purposes it’s being used for – or risk facing fines of up to €20m or 4% of global annual turnover.
However, the new regulation will also mean that sat nav address records and Bluetooth phone information stored on used cars and vans will create a headache for remarketing companies.
According to the VRA, although the vehicle information should be removed before sale, doing so wasn’t always easy.
Sam Watkins, deputy chair at the VRA, said: “The problem is that each different manufacturer and sometimes different model has its own way of deleting these records, plus it is quite time consuming. If you are processing thousands of ex-fleet vehicles through an auction every week, it’s a genuine headache.
“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others.”