Tag Archive | "Retailers"

THE GDPR LOWDOWN

Tags: , , , , ,

THE GDPR LOWDOWN


In part two of our GDPR guide, Hayley Pells explains how practical steps will help you be ready.

It hasn’t been a good month for the public’s perception of how companies use their data. You may have noticed that during the coverage of Facebook and Cambridge Analytica on TV that Elizabeth Denham, the UK’s Information Commissioner, would pop up to reassure the public that steps were being taken to regulate how their data was used and stored by companies, which was of course a reference to GDPR. If there was any doubt about how seriously the country is going to take the new legislation, this will be a wake up call.

Last month, we explored the background of GDPR and how it is going to affect your business, this month, we are going to explore a step-by-step guide to show you how you can become legally compliant yourself. If you are unsure of the process there is still time to get some professional help. There are independent consultants all over the country and there are larger organisations who are able to roll out a fast to access service. The average garage owner can do this in-house for themselves, but if you are busy, it could be a more cost effective solution to outsource.

STEP 1
Awareness

Following on from last month’s article, you need to make sure all of your team know about the legislation. In my case, trying to explain it to my father who I work with (and is in his late sixties) is a hoot, but we got there. The key area to get across is the impact this compliance will have on the business and acknowledging the time and cost it will require to implement. Do you have a risk register? It could be useful to have one. Compliance can be difficult if the preparations are left to last minute, especially if you then plan to outsource.

STEP 2 – Current situation

What personal data do you hold about your clients and staff ? Do you really need it? This is a good opportunity to “clean house.” Dispose of the unrequired information responsibly, ensuring that the data is inaccessible at the point of disposal.
What you should be left with is the information that you need. What do you do with it? This is how compliance with the accountability principles of GDPR are achieved. You need to know what information you hold, where it is held and how it
is held. It must be held securely. When sharing data, this needs to be done responsibly. For example, does someone else process your payroll? Now is the time to check that the information you share is being done so in a responsible manner and that your service provider is up to speed with their obligations.

Having assessed your current situation it is a good idea to record it and then outline your strategy for improvement. This is a very similar process to how you would complete a risk assessment.

STEP 3 – Communicating
privacy information
Do you have a privacy notice? Currently, when you collect personal data you need to give people the following information;
– Who you are
– How do you intend to use their information

That information you have probably done without thinking, to continue with the payroll simili “I’m Fred Bloggs, I need your NI number to process your pay.” With the GDPR, this is expanded upon, now there are a couple of extra things you need to tell people;

– Your lawful basis for processing the data
– Data retention periods
– The individual’s right of complaint to the Information Commissioner’s Office

So for this I shall use the example of information that I gather for a MOT test. My lawful basis for collecting information about my client is that I have been tasked with performing a MOT test on their vehicle. I keep this data for one year and the ICO’s website can be found at ico.org.uk – they are the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights in the public interest. The GDPR requires that plain language is used, every step should be as clear and concise as possible.

STEP 4 – Individual’s rights

You should check and record your procedures to ensure they cover the following rights of the individual, include how you would erase personal data or provide personal data electronically in a commonly used format;
– The right to be informed
– The right of access
– The right to rectification
– The right to be forgotten
– The right to restrict processing n The right to data portability
– The right to object
– The right not to be subject to automated decision-making including profiling

Now bear with me, this all probably sounds like something completely new, but before spanners are thrown up into the year and “this modern euro nonsense is just taking over everything, I am but a simple mechanic” is hailed (or was that just my father?). Let us examine what this means practically. A lot of these rights are just basic common sense, you are probably employing them right now – the key areas that are significantly different are mainly within the right of portability, it only applies;

– To personal data an individual has provided to a controller
– Where processing is based on the individual’s consent or for the performance of a contract
– When processing is carried out by automated means With the Data Protection Act, you could, if you so wished, charge a fee for the provision of data to the individual, under the GDPR you cannot and the information provided by the ICO insist that it be provided in a structured commonly used and machine readable form.

STEP 5 – Access Requests
Step four outlined the right the individual has, step five now examines how those rights are handled. It is good practice to have this recorded and share it with everyone in your organisation.
– No charge for information requests
– Information to be given within a month (under the Data Protection Act, this was 40 days)
– You can refuse or charge for requests that are manifestly unfounded or excessive
– If you do refuse a request, you are legally obliged to tell the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy. You must do without undue delay and at the latest, one month.

If you have a large organisation or you handle large numbers of information requests this may be a good time to assess the implications of dealing with requests quickly. It may be worth considering the desirability of systems that allow individuals to access their own information online.

STEP 6 – Lawful basis for processing personal data
As individuals now have a stronger right than under previous legislation to access their personal data in order to achieve compliance with the GDPR, you should document and share your lawful basis for the collection and processing of this data. This is especially important now individuals have the right to deletion of their personal data.

STEP 7 – Consent
Consent cannot be inferred by silence and must not be an “opt out” (no pre-ticked boxes or assumptions). This is quite a broad area and will be explored further next month with detailed guidance. Consent cannot be thrown in with your general terms and conditions as it must be freely given, specific, informed and unambiguous. In my opinion, post 25th May 2018, this is going to be the next big goldmine for all those companies that are currently benefiting from the PPI refunds, it will be an easy area to identify non- compliance if the correct procedures are not in place.

STEP 8 – Children
Before shoulders are shrugged that you don’t deal with children, first understand what is meant by the term “child”, although the consent given by children within this context tends to be more concerned with young children and internet related services such as social networking, it would be a good idea to consider how you handle apprentice’s (or any other employee or client who are under 18) information. Currently the GDPR sets the age at 16, this may be lowered to 13, being mindful of how this age limit may change and implementing into your policy documents for the younger people that you may deal with will be the best method to achieve compliance.

If your organisation does deal with children, you must remember that consent must come from someone with “parental responsibility” and has to be verifiable. Your privacy notice must be written in language that children can understand.

STEP 9 – Data Breaches
What to do if it all goes wrong? The legislation does consider that like locking the door to your home doesn’t stop thieves getting in, you may be subject to a data breach that, in under normal working circumstances, would not happen.

If you have a breach, determining the nature of the breach will direct your next course of action. You only need to notify the ICO if the breach is likely to risk the rights and freedoms of the individual, for example, if it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. If this breach is likely to result in a high risk to the rights and freedoms of individuals, you will also have to notify them directly.

In order to achieve compliance with the GDPR you must have procedures in place that detect, report and investigate personal data breaches. Having a good clear out at step two will reduce the risk in this area.

STEP 10 – Data Protection by Design and Data Protection Impact Assessments
Remember when you had to uncheck a prefilled box to opt out of things online? Now you have to check it yourself, this is what that is about. The chances are, if you collect data in this way, this is something that you are already aware of and I am personally at a loss as to why you would have a need to process information in this way within the automotive aftermarket, but I am sure there is someone out there who could enlighten me!

STEP 11- Data Protection Officers If it is everyones’ job, nobody does it. Identifying a person responsible for data protection compliance is now a formal obligation in certain circumstances. You probably won’t be one of them, but it is still good practice to formally appoint someone to oversee your compliance, that person should take proper responsibility for your data protection compliance and has the knowledge, support and authority to carry out their role effectively.

STEP 12 – International
If you are lucky enough to deal internationally with your organisation you should determine your lead data protection supervisory authority and document this. The lead authority will be where your central administration is located but only relevant where you carry out cross-border processing. (This step doesn’t apply to my garage. Currently).

Hopefully, this article will be helpful in becoming compliant for yourself. The advantage in doing this yourself will enable your organisation to be familiar with the new legal responsibilities organisations have with respect to personal data. The next article will thoroughly examine the subject of consent and how it is applied in this context.

Posted in CAT Know-How, Factor & Supplier News, Garage News, News, Retailer NewsComments (0)

VOLVO INVESTS IN £6MILLION TRAINING FACILITY

Tags: , , , ,

VOLVO INVESTS IN £6MILLION TRAINING FACILITY


Volvo’s Daventry premises

A new Training and Development Centre has been opened by Volvo Car UK, following a recruitment drive to employ 300 new technicians into its dealer network by 2020.

The Daventry-based premises comes as a £6m investment that will offer year round training for Volvo staff and its retail network. To support this, the site contains a 16-vehicle bay workshop, accompanied with a spacious auditorium and classrooms featuring remote video and web-based technologies for supporting off-site and online training. In addition, the centre is equipped to assist technicians with servicing electric and autonomous vehicles.

The launch will help streamline the firm’s operations including its new Volvo Retail Experience (VRE) and Volvo Personal Service (VPS) retail initiatives as Jon Wakefield, Managing Director of Volvo Car UK, highlights: “I’m very proud of our new training facility, which represents a significant commitment to both our operations in Daventry and our retailer network throughout the country.

“The site is a fitting accompaniment to Volvo’s transformation into a true premium car brand that is a technological leader, as well as the big improvements we are
introducing to the customer experience.” The dealership is already hosting training programmes for its new XC40 premium compact SUV that will appear in UK retailers early this year. The full list of courses can be accessed via Volvo’s website (volvocars.com).

Posted in Blogs, Factor & Supplier News, Garage News, News, Retailer News, UncategorisedComments (0)

ECP TAKEOVER OF ACCESSORY WHOLESALER ARLEIGH INTERNATIONAL

Tags: , , , ,

ECP TAKEOVER OF ACCESSORY WHOLESALER ARLEIGH INTERNATIONAL


ecparleighEuro Car Parts (ECP) has announced the acquisition of leisure retail supplier Arleigh Group – which operates under the trading names of Arleigh International, Nova Leisure and Midland Chandlers. Terms of the deal were not disclosed.

Arleigh, whose head office is based in Warwickshire, is a distributor of products and accessories to the UK Caravan, Holiday Home, Motorhome and Inland Marine markets offering over 13,000 product lines to its customers.

Martin Gray, CEO of ECP said: “With the purchase of Arleigh, we not only gain the expert knowledge from the highly trained and knowledgeable employees, but more excitingly see the Euro Car Parts customer proposition widen further, bringing our market leading distribution efficiencies and pricing to the most important people, our customers. The Leisure sector presents an ideal growth opportunity and we are delighted to have gained a well-respected, market leading supplier in this field”.

Sukhpal Singh, U.K. Chairman and LKQ Board Member added: “We are looking forward to growing the Arleigh brand further and welcoming the passionate Arleigh community into the unique Euro Car Parts family”.

Alastair Thomas of Arleigh stated: “We are delighted to enter into an ownership with LKQ and Euro Car Parts. Currently we see so many best practices that we can share, which will ultimately end up in the consumer benefiting, whilst protecting current supply agreements”.

ECP has stated that the plan ‘heralds the next chapter’ in its expansion of the Specialists Products Divison.

Posted in Latest News, latest news, News, Retailer NewsComments (0)

SAS AUTOPARTS ACQUIRED BY PARTS ALLIANCE

Tags: , , , , , ,

SAS AUTOPARTS ACQUIRED BY PARTS ALLIANCE


Peter Sephton

Parts Alliance Group CEO Peter Sephton

Business group The Parts Alliance has swelled its ranks with the acqusition of SAS Autoparts. Terms of the deal were not disclosed.

SAS was founded in 1960 and has branches in Harrogate, Otley, Skipton, Bradford, Castleford and Northallerton.

The Parts Alliance’s Chief Executive Peter Sephton said he was excited to be welcoming new colleagues from SAS to the HgCapital-backed group

‘’SAS Autoparts is a great business with outstanding customer and staff loyalty providing local service in the Yorkshire area and adds to our national strength’’ he said.

HgCapital continues to support The Parts Alliance with the acquisition of SAS, which will be a wholly owned business within The Parts Alliance Group but will continue to trade locally under its own brand name and will continue under Managing Director David Brooks and his current management team.

Peter Sephton added: “This is a great acquisition which strengthens our presence in the north while encouraging a common vision and culture, but retaining local brands, entrepreneurial spirit and customer focus.”

David Brooks said: “We are looking forward to working with Peter Sephton and the rest of the management team and developing and growing SAS into an even better business.”

 

 

Posted in Factor & Supplier News, Garage News, Latest News, latest news, News, Retailer News, UncategorisedComments (0)

Advertisement
  • It has been the grimmest month for the High Street, so what can accessory retailers do?
  • Bentley Lifestyle: A specialist talks tips of the trade
  • Keep it rolling: New challenges in the S&S sector

more info

    • Sorry, there are no polls available at the moment.
    • Popular
    • Latest
    • Comments
    • Tags
    • Subscribe