GDRP & Navigator

Introduction & Scope

 

GDPR is the proposed European-Wide legislation which will replace the existing Data Protection Act which has been in place since 1998.

This document does not serve to define GDPR, nor how a dealer using Navigator would ensure compliance, but seeks to define the tools, utilities and updates required within Navigator to ensure this compliance. This document serves to be used to gain feedback from interested parties as to the updates that will go into Navigator during Q3-2017 ready for release by the end of the year.

There are several key differences in GDPR compared to the existing DPA, which have an effect on the functionality that Navigator provides.  The remainder of this document defines the various areas that require review in Navigator.

Permission for Marketing

 

Under the DPA it was sufficient to assume that any customer of a business could be included in any marketing campaigns, and contacted by any method to achieve this.  More recently, there have been modifications – relating to email and SMS contact, whereby SMS communication ought to by specifically opt-in and email requires the ability to opt-out.

Compliance for opting out of communication was given by “tick-box” to exclude yourself from marketing.  Similarly, it was acceptable to pass details onto third parties (such as the car franchises)

Under GDPR, this process is required to change.  The requirements of GDPR are such that a dealer is required to gain specific permission for adding a customer to marketing databases.   This needs to be done in a transparent, auditable and granular way.   It is no longer safe to assume that a customer authorises all marketing, unless specifically denied.  Where permission is granted, it should be clear what sort of marketing that the customer has accepted.  

In addition, permission needs to be additionally granted from customers for the transfer of information to third parties.   These third parties need to be named and the use of the information defined.   This has a large impact on CSI programs for example.

 

Currently, within Navigator, there are several “flags” that are held on a customer/vehicle record.

      a)       Customer-wide “No Follow Up” – this removes the customer and any vehicles he owns from all Marketing Campaigns including Aftersales follow up.   It is possible to include these records in campaigns by choosing to select in a Marketing Campaign specifically.

      b)      Vehicle by vehicle exclusion from Service/MOT follow up or both.

      c)       No CSI-Flag – this removes the customer details from Manufacturer CSI programs within Navigator.

It is clear that under GDPR, these flags are insufficient – they are not granular enough and are opt-out rather than opt-in flags.  In addition, there is little auditing on the setting of these flags.

In order to improve this, it is suggested that the following set of flags are configured on a customer record:-

                Allow Contact by Dealer:

                - By Email

                - By SMS

                - By Letter

                - By Telephone

                 Allow Contact by Third parties

                - By Email

                - By SMS

                - By Letter

                - By Telephone

 

All these fields will be flagged as “NO” by default and require ticking individually by a user who will be logged for auditing for updating these fields.

In addition, a further set of tick-boxes will be offered, defining the type of Marketing that is being allowed:-

                Allow Contact for:-

                - Vehicle Maintenance related contact

                - Non Vehicle specific contact

 Again, these will both be flagged "NO" by default.

The problem this gives is that it is very possible that customers will be created without these flags being set, causing issues with future marketing and After-sales follow up.  

It is proposed that this is mitigated by issuing a prompt, if none of the flags have been ticked when creating a customer record, confirming that the Customer requires no contact at all from the dealership or third parties.  The confirmation of this question will be recorded in the customer audit trail.   In all cases any change to the flags, or answering of this question will update a “Date Last updated” on the customer record.

The existing “No-CSI” and Vehicle specific flags will be retained in addition (so that it is possible for the dealer to exclude a customer from CSI campaigns even though the customer gives permission and also that individual vehicles can be removed from follow up ).

This has several knock on implications in the Navigator:-

Aftersales Campaign Manager

Currently, the ACM assumes that if there is data on a customer record, then that customer can be contacted for service follow up by that method.    Vehicles are only excluded from the ACM system if the customer is set for no-follow up or the vehicle itself is excluded.

The ACM system would need updating to take account of the new flags as follows:-

 1.       If a customer is not flagged for “Vehicle Maintenance related contact” , then the customer and any vehicles that are attached to him, will be excluded completely from the ACM system.

 2.       When moving the follow-up through the ACM, Navigator will check the relevant "Allow Contact by Dealer" flags accordingly and skip any disallowed methods of contact.

 Campaigns

When Creating a Marketing Campaign, before choosing the selection, the campaign should prompt for the types of Contact that this campaign is i.e. Vehicle Maintenance Related, Non Vehicle Specific or “all customers”.  This will ensure that only customers are selected that have accepted the type of marketing allowed.

This would automatically create an additional filter on the campaign prior to the actual selection.

 In addition there will need to be a new section in the selection criteria to be able to remove customers who have:

·         No Email from dealer

·         No SMS from dealer

·         No Letter from dealer

·         No Telephone from dealer

·         No Email from third parties

·         No SMS from third parties

·         No Letter from third parties

·         No Telephone from third parties

·         No CSI

 When running a campaign, if an email is to be sent, then any customers excluded from email should be excluded unless a tick-box is ticked to specifically ignore the No email flag.  Similarly for SMS, Letter and telephone, if the option is selected to queue for follow up from a Sales Executive.

CSI exports to Vehicle Manufacturers

Navigator currently supports a number of exports to third parties for the purpose or Aftersales CSI. Currently all customer records are included in the export.  The No-CSI flag is used to either remove the record completely from the export, to blank the customer details or to mark as not to be contacted.

It is proposed that the following business rules are added to all the feeds:-

1.       If a customer is flagged for not allowing "Vehicle Maintenance related contact", then the customer name and all contact details will be redacted from the export (i.e. will be blank)

2.       If the customer does not have *any* of the allow contact by third parties, then the record will be blanked.

 In addition, each of the feeds will be reviewed to see if there is a relevant “Allow” contact fields are present to fill in whether contact can be made by email/letter/phone/SMS etc.   

All third parties will need to be contacted to inform them of this update.

What about existing customer records?

Under the transition from DPA to GDPR it is accepted that existing customers may not have been fully opted-in to all communications.

As part of the GDPR software rollout, all existing records will be updated such that all the relevant contact flags are ticked automatically.  

 

Right to be Forgotten and Right to Update Marketing Permissions

 

GDPR has two key items within it relating to customers being able to manage their data records.  In particular, the Right to be Forgotten and the ability to update or remove marketing permissions, as easily as setting them in the first place.

The Right to be Forgotten is relatively easily implemented within Navigator – this is simply an instruction to delete the customer record, the facility to do so already exists.

With regards to the updating of Marketing Permissions it is most likely that these will need reviewing only at a point of contact with the customer.   This is likely at the following contact points:

1.       A service visit

2.       A Sales Enquiry

3.       A Vehicle Handover

4.       On receipt of  marketing material

To encompass this, it is proposed to display the marketing preferences tick-boxes on the following screens, with the option of a button to access the customer record to update:-

1.       Service Booking

2.       Service – Release a job

3.       Sales Enquiry

4.       Vehicle Delivery

 

In addition, all emails and SMS messages should have the option of adding a standard “To review your Marketing Preferences please click here” message, which interactively opens a browser and displays the customer’s Marketing preferences to allow updates.  Again, these updates will be updated and audited on the customer record for future contact.

 

Ability to view or extract a Customer’s record

 

GDPR is stronger than the DPA in terms of the ability for a customer to request to view their information.   In order to encompass this, a browser based customer record view, showing contact details and marketing preferences will be displayed.   A button on the customer record will generate a URL which can then be emailed to the customer, to allow them to access their information for a set period of time (30 days from the generation of the URL).    

In addition, the GDPR regulation has the additional requirement for a customer to request that their information is supplied to a third party in a “standardised” form.   It is proposed that a similar extract is provided for these purposes, using a URL generated from a customer record which is again emailed to the customer for the purposes of forwarding to any third party of their choice.  This should give the option of viewing the customer record in much the same way as the customer would, with the option of downloading the customer details in a standard computer form (XML).

 

Removing old Records from Marketing and from Database

 

A key part of the GDPR regulations is that as part of the Dealership Data Policy, the policy will define when records are removed from the dealer’s database.  The aim is to give a customer the knowledge that authorising Marketing communications from a dealer will only last whilst they are deemed to be an active customer.

As such, it is expected that a dealer will be required to define some principles as to when a customer is removed from their database and for what purposes.

Such a statement is expected to define the length of time of “no contact” from a customer, that results in the record initially being removed from Marketing . Subsequently, a further period of non-contact will completely delete the record from the database.

 To encompass this, parameters will be added to Navigator which will define these rules.   This will define the following time spans:-

1.       Flag a vehicle for no Aftersales Follow Up after X months of no service visits

2.       Flag a customer for no non-Aftersales follow up if no contact after Y months

3.       Delete a vehicle from the database if no contact within Z months

A utility would then run each month flagging records according to these parameters and email to a named contact the list of those updated or deleted.

Data Cleansing

An implied concept in GDPR is that a dealer would be required to ensure that data is up to date.

There are reference databases available which can be used to cleanse data.    In particular the following details are available via third parties which would enable a dealer to take action :-

1.       TPS register – if a customer registers for Telephone Preference Service, then this could be used to remove the “Contact by telephone” for all non Aftersales Marketing

2.       MPS register – if a customer registers for the Mail Preference Service, then this could be used to remove the “contact by mail” for all non-Aftersales Marketing

3.       Change of Keeper – if a vehicle has a change of keeper, then this could be used to flag a vehicle for “no follow up”

4.       Gone Away – a customer who has consistent Gone-Away mail returns, could be flagged for no letters

5.       Movers – any customer known to have changed address, can have the address updated on their record so that future marketing goes to the correct address.

6.       MOT expiry update – by comparing the MOT date with the DVLA MOT Register, MOT dates can be kept up to date.

7.       Deceased flag – customers that are deceased can be removed from the database.

The aim is that all the above can be carried out automatically on a monthly contract based on the size of the database.

 This will give the dealer extra compliance with GDPR – as well as a good Return on Investment, as the cost of cleansing should be outweighed by the saving in cost of following up and marketing to customers, who will either not receive the communication or will not be interested (e.g. if they no longer own the vehicle).

Reporting and Monitoring

In order to ensure that the dealer is able to monitor the creation and update of customer records, it is proposed that the existing “View Customer Contact” report, which shows the details of any customer contacted or created in a period, is updated to show the date of last update of the Marketing preferences and highlights if they are all blank.  

This will enable monitoring of individual customer records and staff  to ensure that details are being captured correctly

 

Summary

 

The total of the items outlined above is to enable a dealership to develop and implement a workable Data Policy and to satisfy the key requirements of GDPR.

The key items relate to transparency of usage of collected customer information, for marketing purposes and to enable customers to review and maintain their own preferences easily.

It is essential that dealers implement policies, to ensure that staff collate and enter the customer marketing preferences at regular touchpoints, in order to maintain GDPR compliance and ensure that they gain as high “positive” opt-in for marketing as possible.

It is also essential that the dealer creates a Data Policy in relation to the handling of customer information.  

Feedback

Should you have any feedback on this document or on GDPR at all, then please contact your Account Manager with any thoughts before the 30th June, 2017

>>> contact your account manager

Navigation

Project Planning

OverviewDocument of UnderstandingTraining EnvironmentData MigrationPost Live SupportKey milestones

Training Courses

PartsService ReceptionSales ToolkitVehicle AdministrationSales LedgerPurchase LedgerNominal Ledger

Key Implementation Processes

Workshop WIP and AppointmentsAdding Vehicle StockStarting Cash BookVehicle Deal ProcessingImporting B/Fwd Balances

Invoice Post and Capture

Use Artificial Intelligent Machine Learning to save 80% of your time in processing purchase invoices

Technicians Clocking App

The Navigator Technicians Clocking App - FREE to install.

Integrated Finance Quotations and Proposals

Integrated Finance Quotations and Proposals

about Dealer management services

The people behind DMS Navigator are motor trade veterans. We have decades of industry experience, both in running dealerships and delivering excellent software. Our Navigator system is designed to meet the challenges we all face. No wonder we’ve helped so many businesses grow.

useful links
Leave us a Google ReviewContact UsBlog
social
Twitter
Facebook
Email
0333 888 0477
Copyright  Dealer Management Services Ltd, 2023