Updating your privacy policy for GDPR compliance - Ideas for Automotive Part 2

In part 1 of this series, the GDPR-friendly ideas for Automotive companies, I took you through the basics of GDPR and why it's important to you as the owner of a small to medium sized Automotive company.


What to consider when creating a GDPR-compliant privacy policy for your Automotive company


For this and future blog posts in the series, I'm looking at the detail of the areas we feel are important for companies of all sizes, even if you're a one man band Automotive company. This time, I'm looking at your privacy policy, which is 100% where you need legal advice. Your privacy policy should be publicly available on your website and linked next to every data capture point so you give ‘notice’ to allow each person to make a decision before giving you their details. Whilst you need legal advice, don't let the legal people do what's normal for a contract; your privacy policy needs to be plain english and easy to understand.


Learn the main challenges for Automotive business owners and ideas to solve  them...


Another big difference with GDPR-friendly privacy policies is you need to include details about your retention policy to explain how long your going to keep data. This is a big shift for most small to medium sized Automotive companies. When was the last time you did a data cleanse? Do you keep contact details only for a reasonable length of time, i.e. if you added somebody to your CRM because they're an ideal customer, you tried selling to them, but it came to nothing, do you then set an automated reminder to delete the contact? More on that in future blog posts in this series.

When you update your privacy policy you should consider the different ways you track, capture, and store data. To help you, here are some helpful links for the systems that our clients use:



Used for CRM, Sales, Marketing, and Website.

Click these links for more on what to include in your privacy policy: DPA, Data Privacy, GDPR, Compliance.


G Suite:

G Suite is used for Google Contacts, Gmail, and Google Analytics plus others.

Click these links for more on what to include in your privacy policy: Google Cloud and G Suite Security and Trust



If you don't have a paid version of HubSpot Marketing that includes email marketing then you're probably using MailChimp.

Click these links for more on what to include in your privacy policy: Security, Privacy Policy, Terms of Use, GDPR friendly forms, GDPR tools, Guide, DPA, DPA FAQ, Privacy Shield



If you don't have the luxury of using HubSpot with all your CRM, sales, marketing, and website in one platform, you need consider how you handle data across your different systems. For this purpose, we use PieSync as it's the best tool available for syncing contact details. More on how and what to sync in future blog posts.

Click these links for more on what to include in your privacy policy: PieSync: T&Cs


Some more thoughts on your privacy policy


What else do you use to store and track data? Google Analytics, your accounts package etc? What cookies get stored when people visit your website? Is it easy for your website visitors to read?

That's it for this post. If you'd like advice on GDPR I suggest you start with our GDPR overview then book a short consultation. Next time I'll give some ideas about updates to make to your systems where you capture and store data.


What the f@ck are my sales team doing...

About the author

Picture of James Walters

James Walters is the Commercial director at The Tree Group, a Business Growth agency that helps Automotive companies with at least 10 staff and a desire to grow by 15% in the next 18-months.