Posts

Datenschutz im Autohaus - Datenschutzgrundverordnung - Datenschutz - Daten - DSGVO - Autohaus - Autohäuser

Data protection in the car dealership

Data protection cannot be transferred 1 to 1 from one company to another. The implementation of the GDPR in car dealerships poses particular challenges for those responsible. In the following, we would like to discuss some of the special features of data protection in car dealerships.

Data protection in the car dealership is end customer business

In the end customer business, it is particularly important for companies to protect the rights of the data subjects. Customers may react angrily if they are dissatisfied. As a result, they often ask for their data to be deleted and no longer want to receive advertising from the dealership. Special attention must then be paid to ensuring that the right to erasure under Art. 17 GDPR is identified as such and forwarded to the responsible parties at the dealership. These must carefully examine whether the right can be fully complied with or whether, for example, the right can be exercised. Invoices are still subject to further retention.

Adhere to deadlines for data subject rights

The effort involved in checking deletion requests should not be underestimated. In doing so, the company should comply with the time limit set out in Art. 12 para. 3 DSGVO to respond to deletion requests always keep in mind. A month goes by quickly, especially if employees are not sufficiently trained and do not recognize requests for data subject rights as such or do not take them seriously at first and simply ignore them.

It is essential to train employees

For companies, it pays to train their employees on data protection. If such training is neglected, it may happen that employees ignore the rights of those affected or even treat customer data carelessly. The employees of the car dealerships have a lot to pay attention to in terms of data protection, especially in direct customer contact.

Copies of ID and salary slips

If the responsible company underestimates the importance of its employees in terms of data protection compliance, it can be costly. Copies of identity cards and salary statements and similar sensitive data are sometimes requested from customers in the context of a car purchase or a test drive, copied and then, in the worst case, openly filed in a transparent film on the sales desk in the showroom.

Various customer loyalty programs

The implementation of the GDPR in car dealerships also causes difficulties when using various customer loyalty programs. It is important to respect the right of objection of the data subjects according to Art. 21 para. 2 GDPR to be taken seriously in the case of direct marketing. It is fatal when car dealerships use different systems that do not communicate consistently with each other or are not properly maintained. If the dealership fails to clearly define responsibilities, advertising objections from customers may not be considered.

 

Storage of customer data in the showroom

The storage of customer data in the exhibition room is unfavourable. When implementing the GDPR in the dealership, those responsible should ensure that customer data is not stored there. Customer traffic in the exhibition space is constantly running and unauthorised persons may gain access to personal data such as purchase and lease agreements. In case of doubt, the sales staff should be provided with lockable cabinets so that documents can be quickly locked away in case of short-term need.

 

Screen lock in the showroom

The salesman’s workstations in the showrooms of the car dealership also pose a risk of fines if the workstations are not blocked when the employees leave. The staff’s argument that they only went away for a short time does not hold up. You are quickly distracted from your daily work, approached by another customer, still want to get documents from your colleague and in 5 seconds the unlicensed person will be able to use minutes to get data. Responsible persons should therefore pay attention to training employees. A written instruction is often not sufficient to adequately sensitize employees to the handling of customer data.

Data protection audit helps with self-assessment

If responsible parties are unsure about the implementation of the GDPR in the dealership, data protection audits can work wonders. They help in the detection of vulnerabilities. If you find in the audit that the processes that were supposedly implemented have been ignored or “adapted” by employees, you now have the chance to improve. In addition, data controllers often get the impression that it is sufficient if they have trained their employees and documented everything in terms of data protection. However, especially in the end customer business, many mistakes happen in the handling of personal data in everyday work. If problems only come to light as a result of customer complaints or with the supervisory authority, there is a risk of fines. A data protection audit can therefore help in advance to identify problems, raise the general awareness of all employees and avoid fines.

Data protection in the car dealership as a quality feature

Ultimately, the dealership’s customers will also appreciate the prudent handling of their data. Data protection is increasingly seen as a quality feature. If data protection is treated too laxly, customers quickly get the impression that they are not in the right hands, not only when it comes to data protection, but also when buying a car. However, anyone who handles customer data in a data-protection-compliant and professional manner will have an easy time gaining and maintaining the trust of their customers!

Book your data protection audit now and check how well you are really positioned.

 

Datenoffenlegung an Partnerunternehmen - DSGVO - DSGVO Bußgeld - Bußgeld - Datenschutz - Datenschutzverstoß - Datenschutzgrundverordnung - Daten

Disclosure of data to partner companies

For many companies, division of labour and cooperation are not only a matter of necessity, efficiency and cost reduction, but also a matter of course. What someone else can do better, he can usually do faster and cheaper, and if you sell to the same customers, there are synergies in the merger. In this respect, many companies think of many things when it comes to partnerships and cooperations with other companies – only data protection is often forgotten when it comes to the disclosure and transfer of data. It is often overlooked that cooperations with other companies require that personal data be disclosed to third parties. However, responsible companies should definitely check this data transfer in terms of data protection law and clearly define and regulate responsibilities in order to avoid fines.

Read more

Schmerzensgeld für unvollständige und verspätete Auskunft - DSGVO Bußgeld

GDPR violation: Compensation for incomplete and late information

Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind are the high regulatory fines that are widely reported in the press. But not only high fines from the supervisory authorities threaten defaulting companies with incorrect information – compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (Az. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with the violation of the GDPR.
Read more

Verarbeitungstätigkeiten - Was gibt es zu beachten?

Processing activities – what should be considered?

“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.
Read more

Datenschutzrechtliche Risikofaktoren - DSGVO-Bußgelder bei nicht Einhaltung dieser Regelungen

Data protection risk factors: former employees and dissatisfied customers

In the day-to-day work of a data protection officer, you have to do a lot of persuading and repeatedly fight for compliance with the GDPR. Companies often shy away from costs and effort when making necessary adjustments. Business leaders generally question the GDPR, the demands of which are far too exaggerated. In the following we take a closer look at the topic of “data protection risk factors”:
Read more

Web-Checks - DSGVO-Check - Ist ihre Website Sicher?

GDPR check – is your website GDPR compliant?

Could you safely say that your website is compliant with data protection regulations? Because anyone looking for data protection deficiencies on the Internet will quickly find what they are looking for. Everything is included, from the inadequate cookie banner to the poorly accessible data protection declaration. But what is the cause of this? Do companies not want to meet their legal obligations or do they not even know that they are doing something wrong? You can find out in our GDPR check!
Read more

EU-US Privacy Shield im Schrems 2 Urteil gekippt

Response to Schrems II judgment US Department of Commerce publishes white paper

The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.

Read more

GDPR fine against H&M: € 35.3 million

The Swedish fashion brand H&M is said to pay a fine of 35.3 million euros for spying on employees. Hundreds of employees at the service center in Nuremberg are said to have been monitored. The Hamburg commissioner for data protection, Johannes Caspar, justified the decree on Thursday. Read the blog article to learn more about the GDPR fine against H&M.

Read more

EU-US Privacy Shield Video zum Thema

The EU-US Privacy Shield – everything you need to know about the Schrems 2 judgment in the video!

The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!
Read more

EU-US Privacy Shield im Schrems 2 Urteil gekippt

Data transfer to the USA: an endless story with a lot of risk – current! The US-EU Privacy Shield

It took a long time, but now it actually happened that the Austrian lawyer Max Schrems brought the data transfer to the USA before the ECJ again. He was right again. The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In our blog article and video you will find out everything you currently need to know about EU-US privacy. We’ll also tell you what to look out for in the company!

Read more