Warranty Administration Services Ltd     Download Free Warranty Pack
Claims 01522 513833    Sales 01522 515600   

Our Commitment Statement

Introduction
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the implementation of the EU General Data Protection Regulation (GDPR); this regulation seeks to empower individuals to take control of their personal data and to support organisations with their lawful processing of personal data.

The GDPR (which, regardless of the decision to leave the EU, will eventually become law in the UK under the Data Protection Act 2018) is due to come in to effect on the 25th May 2018 and will impact every organisation that holds or processes personal data.

This replaces both the 1995 EU Data Protection Directive and the Data Protection Act 1998, strengthening the rights that EU individuals have over their data and, in theory, creating a uniform data protection standard across Europe. It will introduce new responsibilities for all organisations including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties.
Our commitment
At Warranty Administration Services Ltd (WAS) we are committed to high standards of information security, privacy and transparency and have been working hard to ensure we comply with the applicable GDPR Regulations from May 2018.

We have been actively working on our GDPR strategy for the majority of the previous year, scrutinising the new legislation to build a tailored programme of change to further protect the fundamental privacy rights of all those we hold or process data about and ensure diligent compliance across our organisation.

Our GDPR project team are focused on the strategy and implementation of GDPR, and as part of our commitment towards our customers, suppliers, affiliates and our own business the following preparations have been made;
  • We brought in experts to produce an independent readiness assessment on our company to evaluate how prepared we were for GDPR, allowing us to identify gaps and risks.
  • We then wrote a compliance programme to enable us to track our GDPR obligations, including review of consent collection, privacy and retention policies and privacy impact assessments.
  • We have compiled a comprehensive data catalogue, detailing all of the personally identifiable data that we hold and process within the organisation, how it is stored and retained.
  • We have confirmed our lawful purposes for processing personal information within the new regulatory requirements.
  • We have reviewed our information security processes to ensure they remain robust.
  • We are running dedicated training workshops, and new procedures have been established. These are aimed at all staff to ensure they understand the basics of the new data protection law, to highlight and reaffirm the importance of personal data security and educate them on how to recognise and respond to any requests made by data subjects in relation to their amended rights. We believe passionately that staff awareness within our organisation is vital to ensure our GDPR compliance.
  • We are making changes to operational process and procedures to ensure all requests from data subjects continue to be handled correctly, including how we respond to requests for data portability, rectification and erasure of personal data, access to information and the restriction of processing.
  • We are amending our process for identifying and reporting potential data breaches in line with the new regulations.
  • We are updating our privacy policy to give further information about how we collect, process and protect personal information, which includes not only that of our customers but of our suppliers and affiliates.
  • We will continue to make additional operational changes in keeping with the latest industry best practices and will actively monitor ongoing regulatory guidance and interpretations of key GDPR requirements to make sure we're well informed and doing the right things both up to the deadline and beyond. We will update our customers, suppliers and affiliates accordingly.

Changes we are making that you will see
To remove all risk of Personally Identification Information (PII) being seen on any reports that we send we are going to remove the customer name. This will still leave the registration number and stock number for you to identify the sale. We will carry out an audit of report recipients to ensure that unnecessary copies are not being sent, therefore reducing the risk of any data breach. We will be introducing amended paperwork for warranties that are registered post GDPR. This will include all the details required to ensure full compliance with the change in law.
What should you do?
There is no substitute for suppliers and affiliates seeking their own legal advice if they are unsure about the implications of the GDPR for their business, but we have produced a list of actions that may help you with your GDPR compliance planning;
  • Review the current security and privacy processes you have in place and where applicable, perform due-diligence on companies with whom you share personal data and revise your contracts with third parties and customers to meet the requirements of the GDPR.
  • Audit your data and identify the Personally Identifiable Information/Personal data that is being collected, paying particular attention to sensitive, or special categories of data.
  • Analyse how this information is being processed, stored, retained and deleted and ensure you have a lawful basis for processing the data.
  • Assess the third parties to whom you disclose data.
  • Establish procedures to respond to data subjects when they exercise their rights.
  • Create processes for data breaches including identification and reporting.
  • Ensure that all of the staff within your organisation are aware of GDPR and its implications. Continuous employee awareness and training is vital to ensure compliance to the GDPR.
  • Ensure sufficient records of processing are kept to enable compliance with the new ‘accountability’ notion.
For more information, you can visit the ICO website.
Warranty Administration Services Ltd. Home of the Crystal Clear Warranty. Warranty Administration Services Ltd. Established 1984.
Links
Twitter
Facebook
LinkedIn
Blog
Newsletter
Data security
Cookie Policy
Environment
Corporate
Privacy Policy
Links
Recent Blog Posts
Smoke & Mirrors: Warranty Burn Rates
Self-Funded Warranty: It’s Not For Everyone
CDX17 Car Dealer Automotive Industry Expo
Diesel cars in decline: How might this affect the used car dealer?
Four Year MOT Proposed For New Vehicles
About Warranty Administration Services Ltd
Established in 1984, we are the pioneers of used car dealer self-funded warranty. The Crystal Clear Warranty helps used car dealers take control of their warranty and aftersales experience, and allows them profit from the quality of the vehicles they sell.

If you're frustrated with your current warranty provider, call us today on 01522 515600, or click to read more about our warranties.

Warranty Administration Services Limited is an Introducer Appointed Representative
of Nukula Limited who are authorised and regulated by the Financial Conduct Authority, FRN 616475.

Warranty Administration Services Ltd. Established 1984.
© Warranty Administration Services Ltd. PO BOX 4, Lincoln LN3 4DE.