At first glance, many bodyshop owners are looking at the GDPR for bodyshops and thinking ‘what has this got to do with me?’.
Whether you are a bodyshop that gets all your work from work providers (insurance companies, accident management companies etc) or you focus on retail sales, the fact is that you use and handle customers’ personal data. In an industry reportedly worth £3.5 Billion (Source – Grant Georgiades, Plan Insurance) the responsibility to look after your customers’ personal data is massive.
In the bodyshop industry, the types of customer information used can be wide and varied, ranging from simple names and addresses to sensitive health information such as lung function test results. Let’s not forget your staff information, that’s personal information that falls under the GDPR too!
Bodyshops are in an unusual position: in some instances they are the data processor (where the work provider is the data controller), and in others they are the data controller (where somebody walks into your bodyshop and asks for a repair to be done). Bodyshop personnel have access to a lot of personal information on a lot of assets.
Often bodyshops store personal data that they no longer need in boxes housed on a mezzanine floor somewhere in the building. This is fine as long as the boxes are stored securely and you are able to prove this.
Bodyshops also have a lot of assets, including smartphones, laptops, IP phones, safes, desk drawers, job packs and USB sticks. All of these could hold customers’ personal information, and all of them must be logged in your asset register.
You’ll also need to identify all the different types of personal information that you handle as well as which of your staff has access to it. Job packs, for example, may contain details such as names, addresses, car registration numbers etc, but does the alloy wheel repairer you use really need to have all of that information?
Bodyshops are complex businesses, repairing vehicles expertly on little margin and under high time pressure. It’s fair to say that data protection is not one of a bodyshop’s key skills!
Our GDPR for bodyshops solution is designed to take into account a bodyshop’s needs. It will help you create an asset register, identify all of your personal data types, link them with your reason and lawful basis for using that personal data AND it will give you all of the relevant policies and procedures uniquely populated with your company’s information.
The online portal for bodyshops is easy to use and designed to make life easier, allowing you to have more time to help your customers.
What does GDPR for Bodyshops offer you?
- A simple to use place to list all of your job packs, cameras, storage devices, computers, smartphones etc (Breachable Assets).
- The ability to document how you have made your customer and employee personal data safe.
- Assign levels of responsibility to all relevant staff members.
- A clear indication of where the weaknesses in your systems lie.
- Up to date legal policies and procedures.
- Produce easily viewable evidence of the safety of your personal data.
- The opportunity to list multiple sites in one location.
The GDPR Ready Minimum Legal Documentation Bodyshops Will Require
Included in the GDPR for Bodyshops portal are the policy and procedure documents listed below. The GDPR portal creates customised GDPR policies and procedures for your bodyshop. The documents are as easy to read as possible.
- Data retention policy
- Consent Policy
- Data retention procedure
- Subject access request procedure
- Data destruction policy
- Breach management policy
- Breach management procedure
- Data destruction procedure
Who is GDPR for Bodyshops for?
Bodyshops of any size, regardless of whether you are an independent or part of a group.