Question 1

What GDPR obligations do car dealerships in Kerry have?

Accepted Answer

Car Dealerships in Kerry must appoint a data controller, maintain records of processing activities, implement appropriate security measures, provide privacy notices to customers, and respond to data subject access requests within one month under the Data Protection Act 2018.

Question 2

Can the DPC fine a car dealership in Kerry?

Accepted Answer

Yes. The Data Protection Commission can fine any business in Kerry, including car dealerships, up to €20 million or 4% of global annual turnover for serious GDPR breaches. Even smaller infringements can result in fines up to €10 million.

Question 3

Do I need a Data Protection Officer for my car dealership in Kerry?

Accepted Answer

Not all businesses need a formal DPO, but if your car dealership processes personal data on a large scale or handles special category data (like health information), you may be required to appoint one under GDPR Article 37. Even if not mandatory, having someone responsible for data protection in your Kerry business is best practice.

Question 4

How do I handle a data breach at my car dealership in Kerry?

Accepted Answer

You must notify the DPC within 72 hours of becoming aware of a personal data breach that poses a risk to individuals. You should also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms. Kerry's tourism-heavy economy means large volumes of guest personal data, booking records, and marketing databases are processed by SMEs that must comply with DPC guidance on direct marketing and consent.

Question 5

What privacy policy does a car dealership in Kerry need?

Accepted Answer

Your car dealership needs a clear, plain-language privacy policy that explains what data you collect, why you collect it, how long you keep it, who you share it with, and what rights customers have under GDPR. This must be easily accessible to all customers and staff in your Kerry premises.

Question 6

What GDPR obligations do car dealerships in Ireland have in Kerry?

Accepted Answer

Car dealerships are data controllers under GDPR and must comply with all its requirements. This includes providing privacy notices, having a lawful basis for each processing activity, securing personal and financial data, putting data processing agreements in place with third parties like finance houses, and responding to data subject requests within one month.

Question 7

How long can a car dealership keep customer finance application data in Kerry?

Accepted Answer

You should keep successful finance application records for the duration of the finance agreement plus any period required by the Central Bank or Revenue (typically 6 years after the agreement ends). Unsuccessful applications should be deleted within a short period — 3 months is generally reasonable unless the customer consents to you retaining their data for future offers.

Question 8

Can a car dealership keep copies of driving licences under GDPR in Kerry?

Accepted Answer

You can collect driving licence data where necessary — for example, for test drives or finance applications — but you should keep it only as long as the specific purpose requires. Once a test drive is completed, delete or destroy the copy. The DPC has cautioned against unnecessary retention of identity documents. Never keep copies in unsecured locations.

Question 9

Do car dealerships need CCTV signage under GDPR in Kerry?

Accepted Answer

Yes. Any dealership operating CCTV must display clear signage at every entrance informing visitors that recording is in progress. The signage should include the identity of the data controller, the purpose of the CCTV, and contact details for further information. The DPC recommends retaining footage for a maximum of 30 days unless a specific incident requires longer retention.

Question 10

Can a car dealership share customer data with finance companies in Kerry?

Accepted Answer

Yes, but you must have a lawful basis (typically contractual necessity or consent), inform the customer through your privacy notice that their data will be shared, and have a data processing agreement in place with the finance company under GDPR Article 28. You should only share the minimum data necessary for the finance application.

GDPR Compliance for Car Dealerships
in Kerry

Why This Matters for Car Dealerships in Kerry

Do car dealerships in Kerry need GDPR compliance?

Key GDPR Risks for Car Dealerships

Personal Data Your Car Dealership Processes

Find out your GDPR score in 2 minutes

Required GDPR Policies & Documents

GDPR Compliance Steps for Car Dealerships

Common GDPR Mistakes Car Dealerships Make

Frequently asked questions

Don't wait for the DPC to come knocking

GDPR Compliance for Car Dealerships in Kerry