How to Implement GDPR for Your Auto Dealership Site


In my experience a lot of automotive dealers, especially on the high end, don’t realize the impact that the new General Data Protection Regulation (GDPR) has on their business. Most tend to think that because GDPR comes from Europe, it doesn’t affect us over here in the USA. Not true.

To help you, I’ve compiled some of the most common mistakes auto dealers in the USA make when considering GDPR.

Most businesses in the automotive space, both small and large, are struggling not to find themselves on the wrong side of the General Data Protection Regulation (GDPR).

Inbound Leads

There are two kinds of inbound leads that you need to consider under GDPR: those that come from affiliate websites and those that come from web forms that you control.

Ensure that the leads generated through the web forms that you control are compliant with GDPR. The easiest method you can use to verify this is the double opt-in process. Any reputable marketing automation vendor can give you full guidance on how the process works.

Simple Guide to Double Opt-In Process

Here is how you can execute a double opt-in process for EU/UK leads that are generated through contact forms on your website.

1. Have a field in your form that requires the contact to identify their own country. If the country is a member of the EU, that contact should go through a double opt-in process. If the contact is not from a GDPR-regulated country, they can be handled through your normal process.

2. Provide different forms depending on the cookies. An alternative is to serve different forms based on the IP address or cookie of the web visitor. With this method, you need to customize your website to have a cookie-permission pop-up. Once visitors accept the cookies, they will be required to fill in a dynamic double opt-in form.
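One way the country-based routing from step 1 could look on the server, as an added example that is not from the original article: EU/UK leads stay pending until a signed, expiring confirmation link is used. The function names, demo key, country set and 48-hour link lifetime are assumptions, and the sample leads are constructed.

```python
import base64, hashlib, hmac, time

# Assumption: demo key only; load the real one from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 48 * 3600  # assumed lifetime of the confirmation link, in seconds
# Assumption: ISO 3166-1 alpha-2 codes for the 27 EU member states plus the UK.
GDPR_COUNTRIES = frozenset(
    "AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL "
    "PL PT RO SK SI ES SE GB".split())

def _sign(payload: str) -> str:
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_token(email: str, now: float) -> str:
    """Token = expiry timestamp + HMAC binding it to this email address."""
    expires = str(int(now) + TOKEN_TTL)
    return f"{expires}.{_sign(email.lower() + '|' + expires)}"

def submit_lead(email: str, country: str, now: float = None) -> dict:
    """Step 1: route the lead by the self-declared country field."""
    now = time.time() if now is None else now
    if country.strip().upper() in GDPR_COUNTRIES:
        # Held as pending: no marketing until the emailed link is clicked.
        return {"email": email, "status": "pending",
                "token": make_token(email, now)}
    # Non-GDPR country: the page's "normal process" (single opt-in).
    return {"email": email, "status": "subscribed", "token": None}

def confirm_lead(lead: dict, token: str, now: float = None) -> bool:
    """Second opt-in: accept only an untampered, unexpired token."""
    now = time.time() if now is None else now
    if lead["status"] != "pending":
        return False
    expires, _, sig = token.partition(".")
    expected = _sign(lead["email"].lower() + "|" + expires)
    # Constant-time comparison; checked before the expiry value is parsed.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    if int(expires) < now:
        return False
    lead["status"] = "subscribed"
    lead["confirmed_at"] = int(now)  # keep as evidence of consent
    return True
```

Because the token is derived from the email address and expiry, a link issued for one contact cannot confirm another, and the stored `confirmed_at` value gives you a record of when consent was given.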

Getting Inbound Leads from SaaS

The rules remain the same even when generating leads from a SaaS database. You still need to ensure that the affiliate involved in the collection of leads is GDPR-compliant. Before signing any contract with an affiliate or a vendor, take your time to understand its details. Ensure that all the liability for the violation falls on the vendor.

If possible, involve a lawyer in drafting and reviewing this contract. Any EU contact should be able to opt in and out of any communication with your business at will. The SaaS should not have any limitations.

In other words, the marketing software that you use should have an easy-to-access unsubscribe link that contacts can use to opt out of any further communication with your brand.

The Rights of the Contacts

The GDPR gives contacts new rights, and as a marketer, you have no option but to ensure that they are implemented. One of these rights is accessing data. Contacts should be able to access all the data that you have stored about them. They should also know the methods that you used to collect their details and your reasons for storing their data.

Contacts also have the right to be completely erased from your company’s records. This means that you must delete any information about them from your company’s database. To implement some of these rules, you may consider involving your web development team.

Impact of GDPR On Digital Advertising

GDPR is expected to change the way digital advertising is done. We have already talked about how different forms will work. Other aspects of digital marketing that will be affected are audience retargeting and IP targeting.

Also, the web design aspect of your business won’t be spared by the new rules. When it comes to contact targeting, include a double opt-in process, as well as the terms and conditions on this form.

Your opt-in and opt-out page should also have a feature that disables ad retargeting. Although cookie/IP retargeting is somewhat trickier, there are things that you can do, such as using an opt-in pop-up box. This applies when you are targeting the IP addresses of individuals.

However, you can still be safe if you target corporate IP addresses. As much as you’d still want to stay on top of your marketing, you need to be aware of the GDPR.

As a business, one of the things that you need to look at with regard to this law is the listing service. GDPR is against list buying; hence you should ensure that all the EU contacts in your list were genuinely obtained. This applies even if you are using a list service from a vendor.

To capitalize on the regulation, most vendors are now claiming to be offering GDPR-compliant lists. Just because a vendor claims so doesn’t mean that you should go by their word.

You have a responsibility to ensure that the list provider is 100% genuine. If you buy a list from the vendor and later it is discovered that some of the contacts are not compliant with GDPR, you will be responsible for any consequences.

You will have several legal challenges to deal with because of this violation. The good news is that there are sure ways of verifying the contacts in the list.

  • One of these ways is cold calling. Even after getting the list, try to pitch or cold call them to determine whether they are willing to be used for your marketing needs.
  • Another method that seems to work is giving the vendor your email address and the titles to be used in the emails. In other words, the vendor will just be sending emails to the contact on your behalf. With this method, the vendor will be acting as a data controller, meaning that they will be entirely responsible in case of a violation of the GDPR.

Although giving your email seems to be the best solution that you can use to stay safe, most marketers have not fully embraced it. This is because it puts you at the mercy of the email delivery vendor. They will be responsible for tracking and executing the campaign. Apart from being slow, the whole process can become unnecessarily complex, with many bottlenecks. Despite the drawbacks, it remains a better alternative that will save you from being hit with harsh penalties for violating the GDPR.




Nancy M. Hernandez, owner and founder of Advertising Avenue and ADF Converter powered by Lead Adaptor. Experienced in web design and marketing since 1997 and been in the automotive industry since 2011.
