Fleet News

GDPR raises satnav and phone data issue for remarketing industry

Row of parked cars

Satnav address records and Bluetooth phone information stored on used cars and vans are set to create a headache for remarketing companies with the arrival of General Data Protection Regulation (GDPR) next year, says the Vehicle Remarketing Association (VRA).

The trade body, which represents companies that are involved in remarketing more than 1.5 million vehicles every year, says that the principle of personal data within GDPR means that the information should be removed before sale – but that doing so wasn’t always easy.

Sam Watkins, deputy chair at the VRA, said: “Anyone who has bought a used car in the last few years will know data such as satnav and phone records from the previous owner is often not removed when a vehicle is sold.

“It’s probably a good idea in general that this data should be deleted – it provides a very good indication of a person’s movements, work and social activities – but GDPR makes it a legal responsibility. At some point in the supply chain, it has to be deleted. The question is - who should be responsible for doing this?

“The problem is that each different manufacturer and sometimes different model has its own way of deleting these records, plus it is quite time consuming. If you are processing thousands of ex-fleet vehicles through an auction every week, it’s a genuine headache.

“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others.”

Tim Bailey, fleet services director at Auxillis Services, a vehicle rental company providing replacement vehicle services, said: “We have been aware of the GDPR legislation for some time and preparing for this legislation in a number of areas.

“Since the end of last year, on collection of vehicles from our customers, we remove all previous satnav and in car phone records, as a matter of course. Given the varying methods employed by the manufacturers, this is no easy task but is essential nevertheless.

“Any record that can be tied back to an individual needs to be dealt with in accordance with GDPR and your company’s resultant control policies.”

General Data Protection Regulation will replace the Data Protection Act 1998 (DPA) in May, 2018. It is European legislation designed to unify the separate EU member states’ regulations and to give people living in the EU more control over their personal data. 

Fundamentally, GDPR is the same as the Data Protection Act but there is a high degree of emphasis on accountability and transparency, and businesses must demonstrate and create robust audit trails for compliance and decision making.

The new law also comes with significant penalties, with much wider scope than the DPA - for data processors now as well as data controllers. Ultimately, companies can be fined up to 4% of their worldwide turnover.

The issue of GDPR was raised at the September member meeting of the VRA, which was attended by more than 30 industry experts and took place at the premises of Fleet Auction Group in Coalville, Leicestershire.

Click here for remarketing best practice and procurement insight

Leave a comment for your chance to win £20 of John Lewis vouchers.

Every issue of Fleet News the editor picks his favourite comment from the past two weeks – get involved for your chance to appear in print and win!

Login to comment


  • Gary Hibberd - 06/03/2018 16:49

    Interesting article... But this is relatively easy to answer. The responsibility rests with the Data Subject to remove their data. But it would be prudent for the the company who are selling the car to end-users to check the data has been removed. To be honest, this isn't only a Data Protection matter - it's good customer service! When buying a car (new or used) I expect the car to come to me 'like new'! That means the glove compartment better be as clean as the boot. And I expect the radio stations to blank (as well as the History on SatNav). This isn't rocket science. Car dealerships often state they have a' 50 point inspection' on all new and used vehicles... So make it 51!! As an Information Security and Data Protection specialist, I find articles like this interesting but ultimately frustrating. We're effectively stood on the deck of the Titanic, worried about ice in our drinks but ignoring the iceberg ahead. Start with the big stuff... and sweat the small stuff later!

Compare costs of your company cars

Looking to acquire new vehicles? Check how much they'll cost to run with our Car Running Cost calculator.

What is your BIK car tax liability?

The Fleet News car tax calculator lets you work out tax costs for both employer and employee