auto dealer in black and red logo
MenuMENU
SearchSEARCH

GDPR Compliance: Minimize Your Exposure

Compliance expert discusses the impact of Europe’s General Data Protection Regulation on U.S. dealers.

by Greg Sparrow
May 8, 2018
GDPR Compliance: Minimize Your Exposure
4 min to read


A European Union regulation governing data protection and privacy for EU citizens has profound implications for American auto dealers, many of whom are completely unaware of it. Photo by David Iliff via Wikimedia Commons

The General Data Protection Regulation is a new standard in European Union law concerning data protection and privacy for all individuals within the EU. The GDPR may appear to be an ocean away, but the effects it will have on your dealership are very real and more immediate than you may realize.

Since its inception, the GDPR has raised a number of questions as to whether businesses are properly prepared to comply. The GDPR was adopted on April 27, 2016, and allotted a two-year post-adoption grace period for businesses to strategize and implement their compliant approach. With less than one month left, an International Association of Privacy Professionals (IAPP) survey found that 61% of U.S. businesses are not ready for the regulation, and that only 67% of European-based businesses have begun moving into the implementation phase of their GDPR compliance program.

Ad Loading...

The potential fines have many concerned about compliance as the May 25, 2018, enforcement deadline approaches. But many dealers and other business owners struggle to fully understand the regulation and thus fail to launch a comprehensive plan.

The GDPR and You

American dealers are very much in the crosshairs here. Several automotive brands have displayed international influence not with the presence of dealerships in several nations but through international marketing efforts. A well-known example might include Porsche Holdings and its business of selling Volkswagen and Porsche cars throughout Central and Eastern Europe. Outside of the benefit of concrete locations near its customers, there is marketing data to be obtained through sales and marketing efforts. The utilization of this data is where automotive dealers may find difficulty with GDPR compliance.

The GDPR places the automotive business under scope not only through its presence in the European Union, but also due to its monitoring of EU data subjects and any attempt to offer them goods and services. Marketing practices most likely include the use of automated individual decisionmaking against EU data subjects, requiring explicit consent under the GDPR.

“Processing” is broadly defined in the regulation to include most actions that can be performed with data and can specifically refer to collection and storage — which dealerships, in this case, are likely doing. Therefore, dealers must have processes in place to honor nine distinct rights awarded to EU data subjects and be able to operate under the guiding privacy principles, defined within the GDPR.

Ad Loading...

The regulation further dictates appropriate security efforts around the protection of personal data, establishes breach reporting requirements, and increases the risk associated with vendors processing this data. These expansive requirements make the process of marketing and vendor outsourcing much more complex for anyone with a direct consumer relationship with EU data subjects.

Smaller, mom-and-pop-owned dealerships may not be considering the new regulations as seriously as they should be. Past actions point to enforcement risk even with these smaller companies. The GDPR states that noncompliant companies posing a risk to EU citizens and their privacy can be fined up to $20 million or 4% of their global turnover for the previous fiscal year, whichever is greatest. It is important to note that this fine can be assessed per violation.

First Steps for U.S. Dealers

There are several steps that dealers must immediately embark on to mitigate their exposure to risk. A solid start begins with understanding GDPR regulation applicability to various parts of the automotive business and each unit’s risk profile to establishing priorities for the initiative. Once risk and priorities have been identified, it is critical for organizations to identify and establish their lawful basis for processing of this data.

Every industry has its own unique risk and operational challenges, and every business within has its own maturity relative to industry peers. Using the trusted counsel of a dealer attorney or compliance firm helps to quickly identify both industry and organizational risk that, as a nonbiased third party, are often otherwise overlooked. A risk management and compliance consulting firm can help organizations quickly identify risk, formulate a plan to mitigate this risk, and setup ongoing monitoring programs to maintain valuable records of compliance.

Ad Loading...

Some have suggested the GDPR will set the global precedent for data privacy and security regulations. Brazil and China have both showed interest in forming similar requirements to protect the privacy of its citizens’ personal information from businesses storing and transferring data across borders.

To adequately prepare for the GDPR and similar regulations likely to be introduced in the future, businesses must begin educating themselves on these regulations, and how they will choose to conquer the requirements. Applicable processes and procedures can obviously help minimize exposure to fines, but also provide an opportunity within the market to reassure customers and, in return, earn their trust.

Greg Sparrow is senior vice president and general manager for CompliancePoint and has expertise in privacy, information security, and risk management.

Topics:Dealer Ops

Originally posted on F&I and Showroom

Subscribe to Our Newsletter

More Dealer Ops

Auto Dealer Today, Dealer Debrief, 07/15/2026, with Lauren Lawrence
Dealer Opsby Lauren LawrenceJuly 15, 2026

Dealer Debrief: Defection Data & EV Updates

In this week's debrief, host Lauren Lawrence discusses how to use defection data to your advantage and the latest on EV sales and charging infrastructure.

Read More →
Two professionals shake hands while exchanging a car key fob beside a vehicle, symbolizing a vehicle sale, lease agreement, or dealership transaction.
SponsoredJuly 8, 2026

How Defection Data is Bridging the Dealership Conversion Gap

Lead volume is flat, cross-shopping is up and brand loyalty is in retreat. As confident sales teams keep losing buyers they thought they had, daily industry sales data is showing dealers exactly where their funnel is breaking and how to fix it without buying a single new lead.

Read More →
Auto Dealer Today, Dealer Debrief, 07/02/2026 with Lauren Lawrence
Dealer Opsby Lauren LawrenceJuly 2, 2026

Dealer Debrief: Where are you losing customers?

In this week's debrief, host Lauren Lawrence discusses the hidden leaks in dealerships where you might be losing customers without even realizing it.

Read More →
Ad Loading...
Auto Dealer Today, Dealer Debrief, 06/25/2026, with Lauren Lawrence
Dealer Opsby Lauren LawrenceJune 26, 2026

Dealer Debrief: Improving Your Inventory Management

In this week's debrief, host Lauren Lawrence covers a new survey that shows what service technicians really want and two launches that could help improve your inventory and vehicle life cycle management.

Read More →
group of people standing in a circle holding puzzle pieces together
Dealer OpsJune 1, 2026

Ladies and Gentlemen, This Is a Dealership: Why the Fundamentals Still Decide Who Wins

A teaching moment by a legendary football coach happens to apply perfectly in the auto retail space. Learn what it is and how to use it to your store’s advantage.

Read More →
Cover image for a BOK Financial report titled “Timing the market: How avoiding volatility entirely can hurt long-term reinsurance program performance.” The image shows several road construction barricades with flashing amber warning lights lined up in a nighttime work zone. Beneath the image, red text explains that avoiding volatility can mean falling behind inflation and missing market rebounds that drive long-term surplus growth. The BOK Financial logo appears at the bottom right.
SponsoredMay 8, 2026

What Market Timing Mistakes Mean for Your Reinsurance Program

When volatility hits, dealer-owned reinsurance programs face a familiar temptation: pull back and wait for calmer waters. New data from BOK Financial shows why that instinct can quietly cost you years of surplus growth.

Read More →
Ad Loading...
two cars on a billboard, No Hidden Fees
ComplianceMay 1, 2026

Dealer Ads and the FTC

The agency has made it clear in recent enforcement actions and warnings, in auto retail and other industries, that advertised prices must include all nonoptional costs to the consumer.

Read More →
Closeup of white car's headlight, front end
Dealer Opsby Hannah MitchellApril 17, 2026

Used Autos Supply Dwindles

The March shopping surge, despite high prices, cut into inventory by the most since the thick of the pandemic, Cox Automotive analysts calculated.

Read More →
hands making protective frame over red car, Risk Reality Check, Be Proactive, Auto Dealer Today logo
Dealer OpsApril 1, 2026

Managing Risk Effectively Through Changing Times

The variables influencing risk pricing have changed significantly over the past five years. Being proactive and responsive to emerging trends is not optional but essential.

Read More →
Ad Loading...
Car key, stacks of coins, and a paper car cutout with AutoPayPlus logo, representing auto financing, loan terms, and vehicle affordability trends.
Dealer Opsby StaffMarch 31, 2026

Survey Reveals What Won't Fix What's Breaking Car Sales

AutoPayPlus says extra-long auto loans are trapping consumers and threatening the dealer trade-in cycle, and that the industry is leveraging the wrong tools to combat high MSRPs.

Read More →