
Shape up on data management to avoid non-compliance fines

By autotech-nath on January 21, 2018


Impending rule changes governing the way that businesses manage and store customers’ personal data come into force on 25th May 2018. Now is the time to prepare.

Called the General Data Protection Regulation (GDPR), this new legal framework is the biggest change to data privacy legislation in over two decades, according to audit, tax and consulting firm, RSM. They, and others, are urging workshops to complete their preparation now. Failure to comply with the new rules could see garages facing significant financial penalties and damage to their reputation. For example, very large businesses with a serious breach could currently receive a maximum fine of around £500,000. This rises to a theoretical maximum of £17 million, or 4% of global annual turnover, under GDPR.


Steve Snaith, Technology Risk Assurance (TRA) Partner at RSM, explains, “In a growing digital economy, where data can be collected and stored within seconds, there is more risk of cyber security breaches, which was highlighted by the recent WannaCry ransomware attack. Therefore it’s increasingly more important to make sure clear processes and safeguards are put in place to protect both clients and companies.”

Steve adds that, although GDPR is a welcome attempt to curb growing fears around how companies use and manage personal information, the new framework, “will drastically affect the future of stored personal data and increase company accountability.”

The GDPR places greater emphasis on the documentation businesses must keep to demonstrate their accountability. Compliance with all the areas listed in this document will require organisations to review their approach to how they manage data protection. One aspect of this might be to review the contracts and other arrangements you have in place when sharing data with other businesses with whom you work. Do you share customer details with a mobile smart repairer, main dealer, diagnostics specialist, or valeter perhaps?


Like the Data Protection Act (DPA), the GDPR applies to ‘personal data’. However, it has a broader definition of what constitutes personal data, reflecting changes in technology. Information such as an online identifier – for example, an IP address – can be personal data.

For most workshop businesses, keeping HR records, customer lists, or contact details, the change to the definition of personal data should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

However, the GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records or job cards, containing personal data.


Small businesses have access to a dedicated advice line. To access the new service, dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO, including electronic marketing and Freedom of Information.

The rules are different depending on the size of the organisation. Only the largest businesses (over 250 employees) need to implement all of the steps. For most workshops, the following are the key steps: 

1 – Identify what types of personal data you collect, store and manage

2 – Review whether the information you keep meets data protection and GDPR requirements

3 – Review how you seek, record and manage consent to storing and, if relevant, sharing data

4 – Ensure the same from any third party contractors or business partners

The Information Commissioner’s Office (ICO) website will be updated as new information is available. Already the site has some useful information, including a ‘12 Steps to Take Now’ document and a ‘What to Do Next’ tool.


The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. The GDPR is only a part of the overall data protection framework.

The Government has confirmed its plans to introduce a Data Protection Bill into Parliament. This should become law in 2018, replacing the current Act.

Visit to find out more and stay up to date.



About Autotechnician
Autotechnician is a magazine published nine times a year, delivering essential information to independent garage owners and technicians in the UK. Delivered both digitally and in print, autotechnician provides readers with technical, training, business advice, product and news, allowing our readers to keep up to date with information they need to run and work within a modern workshop.
Aftermarket Media Solutions Ltd, The Joiners Shop, Historic Dockyard Chatham, Kent ME4 4TZ
T: 01634 816 165
Company no. 09625886