Software provider Sofico is working with automotive finance, leasing, fleet and mobility companies to prepare for the forthcoming EU General Data Protection Regulation (GDPR) which has repercussions for all businesses holding client data and information.

The new GDPR, which takes effect from May next year, will impact on almost every organisation based in the EU, as well as every organisation that does business in the EU even if based abroad.

Non-compliance poses a great operational risk for many businesses, as infringements are punishable by fines of up to €20 million or 4% of the company’s total worldwide annual turnover, whichever is higher.

Sofico, which manages more than 1.5 million vehicle contracts globally via its software systems, has been explaining the new requirements to leasing companies, both captive and non-captive, along with other fleet clients to ensure they are fully compliant by the time the new rules become law.

The data protection reform is intended to be a key enabler for a digital single market (DSM), a priority of the European Commission, and to allow EU citizens and businesses to fully benefit from the new digital economy.

The new rules aim to assure that a number of principles are upheld regarding the lawful processing of personal data, such as transparency about which data is being stored and why, and limitations on what is stored and for how long.

At the same time, the new rules aim to better safeguard a number of rights for Individuals such as the right ‘to be forgotten’, while companies that process personal data must demonstrate they are compliant with legislation, both to regulators and stakeholders.

The new regulation raises the bar for compliance significantly, requiring greater openness and transparency. It also imposes tighter limits on the use of personal data and gives individuals more powerful rights to enforce against organisations.

Satisfying these requirements could prove to be a serious challenge for many organisations, Sofico believes.

Gémar Hompes, managing director of Sofico, which is now present at 31 different sites in 20 countries around the world, said:”Bearing in mind the length of software release cycles from providers like ourselves, plus the update schedule of many internal IT departments, there's not actually a lot of time for leasing companies and captive finance providers to assure compliance before the deadline of next May.

“While some of the actions that need to be taken are strictly the responsibility of leasing companies, software suppliers will also need to make changes to any software used to gather or process personal data, to enable their customers to comply with the new regulations."

Sofico has a project team working on all issues relating to the GDPR, and ensuring that its product and data processing activities allow clients to be compliant with the new regulation.

Issues currently being reviewed include data security, documentation of procedures, and contractual aspects required to satisfy the requirements imposed by the GDPR.