Skip to content

Sales Procedure Guide

3.8 // Data Protection

Sales Procedure Guide

3.8 // Data Protection

Data Protection

If you handle or process any personal data (customers, employees, have CCTV, etc.), you must ensure you understand data protection rules and are registered with the Information Commissioner’s Office (ICO).

The ICO can impose significant fines for any data breach and is not shy about delivering severe penalties, even if your business may legitimately struggle to pay them. This can be up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher.

There have been several high-profile cases in the motor industry in the past few years, highlighting the impact on your business if data is not sufficiently protected.

Data Protection & Motor Retailers: Compliance

Toyota warns customers of data breach

The 7 Biggest ICO Fines Issued in the UK

ICO fines British Airways for data breach

Evolution expects all our introducers to be ICO registered, as you will process customer data during applications, and we will ask for your registration number as part of our onboarding process. We also expect firms to be diligent, have robust systems and processes, and alert us if they experience any information security or data protection incidents. Aside from our own requirement, being ICO registered can positively impact your business and reputation, making you more appealing to customers.

If your firm has to report an incident to the ICO, you may also need to report this to the FCA, who could also investigate your business.

If you are not currently registered with the ICO, you can complete a short 5-minute self-assessment here:

Most of our introducers will fall into Tier 1 or 2, so they will pay a fee of no more than £60 per year.

Next // 3.9 Training