Data collection affects more than just Google, Facebook and WhatsApp.
Automotive OEMs collect data as well. Data about repairs, diagnostics, geolocation and even vehicle misuse are often taken from a vehicle, processed and stored. There is usually a valid reason for data collection. For example, data can be used to perform a diagnosis or to monitor a product’s performance in the market.
Most of the time, however, customers are not told about data extraction from their vehicles. When a workshop order is signed, the workshop rarely explains which data will be acquired, why it is being acquired or how it will be processed.
This will have to change with the EU General Data Protection Regulation (GDPR), which requires automotive OEMs and dealers to inform customers about data acquired during a workshop visit. The GDPR requires dealers to provide crystal clear descriptions of the reasons for data extraction, processing and transfer when they connect a vehicle to diagnostic equipment. Dealers can only comply with this requirement by cooperating closely with OEMs, with the OEM monitoring the use of data just as it monitors repairs and workshop competence.
ADAPTING TO GDPR REQUIREMENTS
Currently, OEMs tend to focus on providing data processing declarations and obtaining customer consent for data processing for marketing purposes. With GDPR, they will have to supply their dealers with information about data processing. Dealers will have to adapt their dealer management systems (DMS) and customer communications to include this information.
Managing these adaptions properly, and with due diligence, will be a huge challenge for dealers, particularly small and medium sized ones. They will not have the management bandwidth to adapt their processes to GDPR requirements without OEM support.