GDPR: Taking the cake or the cookie

Got some time on your hands? In her second article for Aftermarket, Rebecca asks whether you should use it thinking about your GDPR policy

Published:  28 July, 2020

By Rebecca Pullan, Carmaster

It’s not news anymore and all those shiny privacy policies so painstakingly put together are old hat. Mine even has a cheeky little joke in it stating how ‘tyre-ing and exhaust-ing’ it all was, just to prove it really was me. Anyone who knows me will tell you I am amazing at poor quality overused jokes. It’s a gift.  
They are all now firmly at the bottom of each webpage and even the link has cobwebs on it – see previous reference to my ‘gift’. They are rarely to be clicked on again, except when someone angrily uses GDPR against you in a potentially threatening way. Then, you’re reading it frantically checking you’ve complied with everything you said.
Each garage owner does need to know a few things, other than about mending cars. Some of you reading may have even started out after this traumatic law came in. Now, even sending out a Christmas card can put you at risk of going to prison. That particular year we sent ours out unsigned, without a logo and not even to our customers. We felt it far safer, taking into consideration the gravity of the situation. It was also important to me that we acted professionally and led the way.
We do all need to keep up, ignorance is no defence in law – this law does come with some frightening consequences. It’s there every day and actually part of our every contact with customers.

Top five tips
Here’s my top five tips on things you might have forgotten to do since GDPR came in last year.

Buying a shredder: Accidentally leaving personal details around on scraps of paper is now a big no-no. Get some good habits and shred every day. This can nicely double up in your Environmental Policy as helping the local pet shop with hamster bedding. Recycling at its very best.

Making sure you know why you are contacting people and also ensure that every employee knows and understands the phrase legitimate interest: It needs to trip of the tongue. Get them to say it time and time again like some modern tongue twister.

Deciding how old is too old: I used to think old was over 40. Turns out that I now think very differently, suspect that’s education and reading business books! Decide how long you keep things like job applications, old employee details and customer records and when that date has passed – get rid of them. Top tip here is choose a big date, makes it a lot easier.  E.g. “Blah Blah Blah Garage keeps all employee details for 100 years.” Not too hard
is it?

Appointing a Data Controller: You could easily offer this title to an employee as a reward. It really does sound most excellent and will look fabulous on any business card.

Watch out for cookies: Someone else is probably in charge of your website, so this can easily be missed on your GDPR radar. These things are neither a cake nor a biscuit that could explain my (and yours?) recent weight gain and they are everywhere. Did you know cookies hold, store and collect information about you? In my eyes, this relatively new law was worth all those hundreds of paperwork hours alone just to get these sweet treats in check. After all, you never hear of a Victoria Sponge or a Butterfly Bun blabbing all your secrets.

Have I missed anything out? Contact me here via the Editor  at if you have any other GDPR
top tips!


Related Articles


©DFA Aftermarket Media Ltd
Terms and Conditions