Motor Trader The award-winning and longest running UK magazine for car retailing professionals. Your first stop for News, Jobs and Reports for the motor industry.
Security is vital for businesses handling customer data and historically, it‘s rare that they experience breaches, but a recent ICO Information Commissioner’s Office prosecution was a wake up call.
It resulted in a six month jail sentence for a rogue motor trade employee who stole work-related data, and highlighted the need for vigilance.
The vast majority of staff are trustworthy but risks remain. Although individuals can be prosecuted for stealing customers’ data, dealers shouldn’t be fooled into thinking their businesses will be absolved of any responsibility. If the ICO determines processes and procedures weren’t in place to reduce the risk of data breaches, dealers could still face hefty GDPR fines.
Stolen customer data can lead problems ranging from nuisance sales calls all the way to identity fraud and compromised bank accounts. The fallout can be significant, damaging trust and brand reputation. So what can dealers do to avoid the risks of a data breach?
It’s important to ensure that all existing staff and new employees are educated about the seriousness of data protection. Dealers should explain business policies and procedures that staff must adhere to.
Employment contracts should be updated to make clear what is expected of employees. Their agreement to these protocols will make action easier should they breach the rules. This also shows that measures have been put in place to help prevent misuse of customer data, and it’s worth reminding employees that they can be prosecuted and face fines or even a prison sentence if they break the law.
Dealers can reduce the risk of data theft by making sure all employees have individual logins for systems containing personal customer data. Change passwords immediately if you suspect these have been compromised and only give personalised employee login permissions for system areas and data that are required for specific jobs. Staff must not share login credentials as this can lead to accountability issues and potential misuse.
Finally, revoke system logins for ex-employees and do not leave them live. If dealers follow these simple procedures, they will significantly reduce the risk of data theft and its damaging commercial and financial consequences.
Mark Kelland is commercial manager at Dragon2000