Remarketing companies will need to ensure all personal data is removed from a used vehicle prior to its sale.

Satnav address records and Bluetooth phone information stored on used cars and vans will be classed as personal data, and must be removed, under new General Data Protection Regulation (GDPR) next year.

As AM prepares to host its own dedicated GDPR conference, the Vehicle Remarketing Association (VRA) says this will be a headache for remarketing companies due to the time and complexity of clearing the systems.

Sam Watkins, deputy chair at the VRA, said: “Anyone who has bought a used car in the last few years will know data such as satnav and phone records from the previous owner is often not removed when a vehicle is sold.

“It’s probably a good idea in general that this data should be deleted – it provides a very good indication of a person’s movements, work and social activities – but GDPR makes it a legal responsibility. At some point in the supply chain, it has to be deleted. The question is – who should be responsible for doing this?”

Deleting records can differ from car-to-car, adding complexity, and the process is often time consuming – a particular challenge for those handling large volumes of ex-fleet vehicles.

“There is no apparent, easy solution, but the VRA is looking at this issue and will be seeking guidance from manufacturers and others,” added Watkins.

Tim Bailey, fleet services director at Auxillis Services, a vehicle rental company, has been preparing for the new regulations for some time.

He said: “Since the end of last year, on collection of vehicles from our customers, we remove all previous satnav and in car phone records, as a matter of course. Given the varying methods employed by the manufacturers, this is no easy task but is essential nevertheless.

“Any record that can be tied back to an individual needs to be dealt with in accordance with GDPR and your company’s resultant control policies.”

  • AM will host a GDPR conference covering the major aspects of the new EU legislation at the Hilton Doubletree, Milton Keynes, on 22nd February 2018.

The speakers include data experts from the Direct Marketing Association and cyber security experts.

For more information about the event – or to confirm your attendance by booking a place – visit https://amgdprconference.am-online.com/