Blue and White paper - GDPR

We outline what is new vs familiar, and offer practical steps you can take today

Published: 7th December 2017

In the third "Blue and White paper" from Cox Automotive Data Solutions, we take a detailed look at a hot topic for the automotive industry: GDPR. Read the Executive Summary, or download the full paper below.

GDPR and the automotive industry

Author: Ian Inman, Head of Privacy and Data Protection
Editor: Dr Shaun McGirr, Lead Data Scientist

Executive Summary

  1. The General Data Protection Regulation (GDPR) comes into force in the UK on 25 May 2018. It builds upon existing data protection law, adding more detail to existing requirements, new rights for individuals, and new obligations on those who process personal data.

  2. The GDPR provides several legitimate grounds for processing personal data. Not all processing need be based on the consent of the individual and all grounds are equally valid.

  3. The maximum fine for contraventions of the GDPR is 20 million euros or 4% of global turnover. However, these fines are not mandatory and are the absolute maximum.

  4. Organisations must comply with the GDPR’s requirements and be seen to be compliant. It makes concepts such as privacy by design and default a legal requirement and encourages Data Protection Impact Assessments in all cases, requiring these in some cases.

  5. The GDPR introduces a higher standard of consent and explicitly prohibits silence, inactivity and pre-ticked boxes as valid consent. Organisations are not required to get fresh consent if their current consents meet the GDPR standards.

  6. The right to erasure, right to restrict processing and right to data portability are all new rights created by the GDPR. Dealers and Manufacturers will need to check their Dealer Management System, Customer Relationship Management systems, and any others that store personal data, to ensure they are functionally compliant.

Note: this is our view based on the data available to us at present. Readers should compare our findings with their own experience before making the decision that is best for their business. This technical paper does not constitute legal advice on GDPR compliance or any other matter of data protection.

If you have any questions about this paper, please get in touch.

Media contact: Gwen Allen, 07392 082320

Blue and White paper 3 - GDPR - 2017-12-07.pdf


Download pdfDownload pdf file

Our Blog for the latest news, views and market intelligence.


Connected cars will be the more valuable asset in automotive by 2025.

Connected cars will be an essential asset - increasing levels of technology mean that they house more opportunities for data.

Read more
Data 8th March 2018

Cox Automotive run the 3rd in their series of free webinars offering practical advice on GDPR

Delivered by our Head of Privacy and Data Protection, Ian Inman, the 3rd in our series will cover Breach Notification.

Read more
News 1st March 2018

Cox Automotive are running a series of free webinars offering practical advice on GDPR

Watch the first in our series here, and sign up for the next focussing on consent.

Read more
News 15th February 2018

The future is closer than we think - the reality of autonomous cars

Gone are the days where watching self-driving cars in the movies was futuristic fantasy; these are now an imminent reality.

Read more
News 1st February 2018