

Effects of New Data Protection Legislation



A very negative effect of this legislation is that the history of a vehicle is going to be shrouded in mystery. The reason became apparent this week when I changed cars. I was going to supply the dealer with all my paper service documents but was told they had now to destroy everything with my personal details on.

Okay not the end of the world BUT I changed my mind today when I received the new V5c for the car I purchased to find that it no longer bears any details of the last keeper...... A wonderful aid for the fraudster 



Car dealers should be trying to erase names and addresses but to keep the work records intact.

Unfortunately, that doesn't help when the new owner wants to contact the previous owner for something.


22 minutes ago, NemesisUK said:

Suppose it's simpler to just erase it.

No, they could invest a few quid in one of these Kespon rollers that obliterates text with one swipe. I got one a couple of weeks ago and it works brilliantly. Quick and simple, it would fulfil the requirements of GDPR while still keeping service records intact.

 


14 hours ago, olliesgrandad said:

A very negative effect of this legislation is that the history of a vehicle is going to be shrouded in mystery. The reason became apparent this week when I changed cars. I was going to supply the dealer with all my paper service documents but was told they had now to destroy everything with my personal details on.

Okay not the end of the world BUT I changed my mind today when I received the new V5c for the car I purchased to find that it no longer bears any details of the last keeper...... A wonderful aid for the fraudster 

Never thought of that. Assume it doesn't apply to private sales though?

What's annoying me more is the fact every website I go on now makes me click through multiple different buttons to access it


One of the up sides to the Data Protection Act. Parking companies such as Parking Eye can be made to declare what information they hold on your car's registration "owner, address etc.", and they have to respond in 28 days. You can also demand the data held is deleted, how and by when it's deleted and be given a list of any companies the data has been passed on to. If enough people do this it will cause them real problems as they must respond.
This means they will now have to pay the DVLA for information every time a registration number crops up; they will no longer be able to store it. You should also be able to ask the DVLA under the Freedom of Information Act what information they have passed on, and to who.

John.



I found GDPR very confusing. I'm sure many have. Are organisations like DVLA still allowed to sell data to private companies?


I was thinking about this today and I reckon that the DVLA and car dealers like those mentioned in the OP are completely wrong.

In my opinion a name and address on a V5 or service record cannot be considered "personal information" under the GDPR, or at least not personal enough. If they were giving out my credit record or my medical records then fair enough, that comes under GDPR.

A simple name and address can be found as a matter of public record in a telephone directory or an electoral roll, so unless they have now suddenly become illegal then a name and address surely can't be covered by GDPR can it?


Names and addresses can be covered by GDPR. 
Scenario:- 
A thief wishes to steal a given make of expensive car. He sees the model and color of car he wishes to steal driving down a road, and takes note of its number. If he is working for or in collusion with anyone with access to the DVLA database, be it a parking company or other, he now has the details of where to find the car to steal at night or, worse, carjack.
These details should not be for sale.

John.


No, sorry John, I'm not having that.

DVLA will still have names and addresses on their databases (just not being printed on V5 anymore) so an 'inside job' by current, ex, or disgruntled employees can be done with or without GDPR. In fact, your example is exactly why I can't understand people who blank out their number plates when posting pictures of their cars on here or other forums. How many hundreds or even thousands of people see my number plate every day as I drive around? If anyone did want to play out your scenario, GDPR certainly wouldn't stop them.

My name and address are freely available to anyone who looks in the Preston telephone directory so I have no qualms about it appearing on a V5 for the new owner to see when I sell my car.


Unfortunately, it doesn’t matter if you agree or not. Personal data is information that can identify an individual. Name and address certainly does do that. However, a surname and town wouldn’t. I find it a bit tenuous when a car registration is deemed personal information, as on its own, it doesn’t identify an individual. Only with access to the registered keeper name and address, would it identify someone (i.e. on a V5).

Re: masking number plates on forum posts. Whilst I don’t see the point myself, a thief is far more likely to attempt to clone plates on the same car, if, they are unlikely to come across the same car in the area. So online, you could pick a reg number for the same model/colour of car, and be 99.99 percent sure it will be in another area of the country altogether.



The fact that the previous owner's details are not on the V5 surely emphasises the need to ensure, so far as one reasonably can, that a vehicle has a full documented service history and is bought from a reputable Dealer?


11 minutes ago, royoftherovers said:

The fact that the previous owner's details are not on the V5 surely emphasises the need to ensure, so far as one reasonably can, that a vehicle has a full documented service history and is bought from a reputable Dealer?

Yes, that's the point. Some dealers are destroying ALL paperwork with names and addresses on when all they really need to do is to obliterate that information but keep the work record.



1 hour ago, sorcerer said:

Yes, that's the point. Some dealers are destroying ALL paperwork with names and addresses on when all they really need to do is to obliterate that information but keep the work record.

So, on the basis that the consumer is king and taking market forces to its logical conclusion, if all prospective purchasers were to demand sight of the vehicle's previous history and all Dealers stated that they had destroyed them, then there would be no purchase and no sale!

This only needs to happen once on one single day in co-ordinated action and boy would circumstances change!

Sadly consumers of all products fail to recognise latent and co-ordinated power.

I have no left winged or socialist leanings but I do recognise the potential of consumer demand, or rather, the lack of it.

Social media is however leaning towards motivating the consumer:):):)


37 minutes ago, sorcerer said:

Yes, that's the point. Some dealers are destroying ALL paperwork with names and addresses on when all they really need to do is to obliterate that information but keep the work record.

An awful lot of this is down to how GDPR is being (wrongly) interpreted. My wife runs a restaurant for a large international chain and currently they are unable to take bookings because according to instruction from their head office recording a customer's name and phone number in a bookings book or similar is in breach of GDPR. Clearly wrong, clearly impractical, not at all how GDPR was intended to work and for some another excuse to roll their eyes and moan about yet more legislation from Brussels. When in fact it's some numpty at head office.


An awful lot of this is down to how GDPR is being (wrongly) interpreted. My wife runs a restaurant for a large international chain and currently they are unable to take bookings because according to instruction from their head office recording a customer's name and phone number in a bookings book or similar is in breach of GDPR. Clearly wrong, clearly impractical, not at all how GDPR was intended to work and for some another excuse to roll their eyes and moan about yet more legislation from Brussels. When in fact it's some numpty at head office.


The thing is, GDPR is meant to cover such things. That said, you can capture and keep information for legitimate reasons, so reserving a table for a customer is such a reason. Once the reservation has gone, you don’t have a legitimate reason to then keep it, so just obliterate the name. Depending what info you collect, arguably, the info then falls outside personal data/GDPR. Mr Bloggs on its own doesn’t identify an individual, but, “The Prince of Wales” does. It is therefore just simpler to remove all names.



17 hours ago, sorcerer said:

No, sorry John, I'm not having that.

DVLA will still have names and addresses on their databases (just not being printed on V5 anymore) so an 'inside job' by current, ex, or disgruntled employees can be done with or without GDPR. In fact, your example is exactly why I can't understand people who blank out their number plates when posting pictures of their cars on here or other forums. How many hundreds or even thousands of people see my number plate every day as I drive around? If anyone did want to play out your scenario, GDPR certainly wouldn't stop them.

My name and address are freely available to anyone who looks in the Preston telephone directory so I have no qualms about it appearing on a V5 for the new owner to see when I sell my car.

I think you misunderstand what I was saying. Anyone can see my reg at any time on the road, but they cannot see my name and address. I agree the DVLA will still hold my name and address against my reg number, but passing my name and address on from my registration to anyone other than police or local authority is or should be against the legislation.

John


We've had the GDPR talk at work. If a customer asks to be deleted from our records we delete their name and address, telephone number etc. from our records and instead we replace all personal details with an automatically generated number. We give that number to the customer and it's up to them to keep it secure.

That way they can have their personal data erased, but still have an order history for warranty claims etc. However, without that serial number, we cannot identify their previous orders and can't honour any warranty. They get informed of the importance of the number when we anonymise their data. The last email they get before we delete their details from our email server is the one with the number on it.

It should be easy for garages then to keep a history of the vehicle, but have no details of the owner.

But I guess it's easier just to delete the data completely rather than use our system. :-) But it'll be an interesting conversation explaining to a customer that you can't honour the warranty on the car they bought or the service they had last week because they asked you to erase their data. Not sure how that fits in with consumer rights legislation.

I forgot to say taking the information is okay at the front end as long as the customer is explicitly asked if it's okay to keep their data and you keep it secure. So you can still write their name and address, telephone number etc. on a fag packet, as long as that fag packet is kept secure and is destroyed upon request from the customer.

 


We've had the GDPR talk at work. If a customer asks to be deleted from our records we delete their name and address, telephone number etc. from our records and instead we replace all personal details with an automatically generated number. We give that number to the customer and it's up to them to keep it secure.
That way they can have their personal data erased, but still have an order history for warranty claims etc. However, without that serial number, we cannot identify their previous orders and can't honour any warranty. They get informed of the importance of the number when we anonymise their data. The last email they get before we delete their details from our email server is the one with the number on it.
It should be easy for garages then to keep a history of the vehicle, but have no details of the owner.
But I guess it's easier just to delete the data completely rather than use our system. :-) But it'll be an interesting conversation explaining to a customer that you can't honour the warranty on the car they bought or the service they had last week because they asked you to erase their data. Not sure how that fits in with consumer rights legislation.
I forgot to say taking the information is okay at the front end as long as the customer is explicitly asked if it's okay to keep their data and you keep it secure. So you can still write their name and address, telephone number etc. on a fag packet, as long as that fag packet is kept secure and is destroyed upon request from the customer.
 


That’s an interesting approach. Ultimately, if you have a relationship with a customer (they have a warranty), you can refuse to delete them, and that refusal is justified. If they ask to be forgotten, and you do, they have no right to return to you for any information afterwards. Anything relating to the vehicle would be linked via the registration, so the vehicle history can still be traced.



1 hour ago, TigerFish said:

 


That’s an interesting approach. Ultimately, if you have a relationship with a customer (they have a warranty), you can refuse to delete them, and that refusal is justified. If they ask to be forgotten, and you do, they have no right to return to you for any information afterwards. Anything relating to the vehicle would be linked via the registration, so the vehicle history can still be traced.



 

Linked via a Registration Number yes, but more importantly the VIN Number.

A contract is still a contract and the onus must be on the Seller to retain such information which enables him to discharge his responsibilities to the purchaser, whilst retaining the confidentiality of the purchaser's information. The purpose of the new legislation cannot be to enable the seller to escape his responsibilities.


Linked via a Registration Number yes, but more importantly the VIN Number.

A contract is still a contract and the onus must be on the Seller to retain such information which enables him to discharge his responsibilities to the purchaser, whilst retaining the confidentiality of the purchaser's information. The purpose of the new legislation cannot be to enable the seller to escape his responsibilities.

 

Yeah, that’s my point. There is a legitimate reason to keep the details in order to uphold your responsibilities. At the point you have no further responsibility to the customer (warranty expired, guarantee expired, loan paid off, whatever) the customers can exercise the right to be forgotten. But that is exactly that, and they no longer have any right to anything when you don’t know who they are anymore. That’s why in theory, the use of this unique number, as soon as the customer presents that number, you have established who they are as an individual again against your records, which could be treading a fine GDPR line. A customer cannot have it both ways, they are either forgotten, or not. But it is the data owner's responsibility to ensure they refuse an unreasonable request in order to comply with their obligations, be that legally, regulatory or any other legitimate reason.

 

 


The problem is the customer has the right to have their personal details erased. You have to fulfill their rights under GDPR AND under consumer law. One cannot exclude the other. So the only way to fulfill both is to anonymise their data but have a way of retrieving the list of orders placed. Don't forget a registration number can be traced and ultimately used to identify an individual and link them to orders. The only way to fulfill GDPR and consumer law is to link orders with anonymous data, hence the anonymous number approach.


On 6/19/2018 at 6:24 PM, TigerFish said:

 

Yeah, that’s my point. There is a legitimate reason to keep the details in order to uphold your responsibilities. At the point you have no further responsibility to the customer (warranty expired, guarantee expired, loan paid off, whatever) the customers can exercise the right to be forgotten. But that is exactly that, and they no longer have any right to anything when you don’t know who they are anymore. That’s why in theory, the use of this unique number, as soon as the customer presents that number, you have established who they are as an individual again against your records, which could be treading a fine GDPR line. A customer cannot have it both ways, they are either forgotten, or not. But it is the data owner's responsibility to ensure they refuse an unreasonable request in order to comply with their obligations, be that legally, regulatory or any other legitimate reason.

 

 


Tigerfish, you are right there are opt-outs for certain reasons, such as contractual or legal ones, but in our case we can still fulfil those obligations with anonymous data as long as the customer understands they have an obligation to hold onto the anonymous serial number.

Keeping the links between their orders but changing the data to mr 1234 at 1234 street, 1234 town, postcode 1234, telephone number 1234 and email address 1234 still gives you the ability to trace their activity on our system but not identify them. 

But then you give them the serial number and it's up to them to hold onto that and use it for any further correspondence. Otherwise you cannot identify them, which is the whole point of GDPR.  If they lose the serial number tough, you cannot deal with any requests from them.

But that's the consequence of the ill-thought out legislation. 

We've even had people place orders on the phone and then refuse to give their details under GDPR. At that point we politely inform them that they will not be placing an order with us over the phone because as yet we can't post orders to an anonymous person at an unknown address. However they are welcome to come to the shop to place an order anonymously and pay for it by cash, although wearing a balaclava in the shop might be taking things a bit too far and invite an unwanted reaction. :-)  Anything else would contravene our responsibilities to them under GDPR.
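
The serial-number scheme described in the posts above, sketched as an added example (not code from any poster or their employer): personal fields are blanked, orders stay linked, and only a hash of the number handed to the customer is stored. Table names, function names and the sample rows are hypothetical and constructed for illustration.

```python
import hashlib
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    id INTEGER PRIMARY KEY,
    name TEXT, address TEXT, phone TEXT, email TEXT,
    claim_hash TEXT UNIQUE            -- set only once the customer is erased
);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    item TEXT NOT NULL, ordered_on TEXT NOT NULL
);
"""

def hash_token(token: str) -> str:
    # The number is 128 random bits, so an unsalted SHA-256 is not guessable;
    # storing the hash means a leaked database does not leak usable numbers.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed customer and two orders."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute(
        "INSERT INTO customers VALUES (1, 'A. Example', '1 Sample Road', "
        "'01234 567890', 'a@example.test', NULL)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, 1, ?, ?)",
        [(10, "brake pads", "2018-03-02"), (11, "wiper blades", "2018-05-20")])
    return conn

def erase_customer(conn: sqlite3.Connection, customer_id: int) -> str:
    """Blank the personal fields and return the number to give the customer."""
    token = secrets.token_hex(16)
    with conn:  # one transaction: erase and store the hash together, or neither
        cur = conn.execute(
            "UPDATE customers SET name=NULL, address=NULL, phone=NULL, "
            "email=NULL, claim_hash=? WHERE id=? AND claim_hash IS NULL",
            (hash_token(token), customer_id))
        if cur.rowcount != 1:
            raise LookupError("unknown or already erased customer")
    return token  # shown to the customer once; never stored in the clear

def orders_for_token(conn: sqlite3.Connection, token: str) -> list:
    """Order history for whoever presents the number; empty if it is wrong."""
    return conn.execute(
        "SELECT o.id, o.item, o.ordered_on FROM orders o "
        "JOIN customers c ON c.id = o.customer_id "
        "WHERE c.claim_hash = ? ORDER BY o.id",
        (hash_token(token),)).fetchall()
```

The order rows in this sketch carry no registration number or free-text notes; either would need the same treatment, since one of the posts points out that a registration can be traced back to an individual.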

 
