Modix Blog

13.11.17

EU Data Protection - GDPR

General Data Protection Regulation

What is the GDPR?
After four years of consideration, the 'General Data Protection Regulation' (GDPR) was approved by the European Parliament and will come into effect on 25 May 2018. The GDPR is an evolution of the existing Data Protection Directive (DPD) which protects the personal data of all European citizens. The GDPR was created to address the existing gaps of the DPD and strengthen personal data protection by:

- Expanding the legal definition of personal data
- Requiring IT procedures to be documented
- Requiring risk assessments under certain conditions
- Notifying clients and authorities when there has been a breach
- Strengthening the rules for data minimization (collecting minimal personal data)
- Establishing restrictions on the transfer of personal data outside of the EU


It is important to emphasize that the GDPR covers personal data. Personal data is any information relating to either the public, professional or private life of an individual. This includes but is not limited to names, addresses, photos, email addresses, bank details, posts on social networking sites, medical information or a computer’s IP address.

Not only are companies who collect personal data required to comply with the GDPR, they must also demonstrate how they comply.

While the details are quite complex, the GDPR can be simply understood by thinking of it as common sense data security ideas that:

- Minimize the collection of personal data  
- Delete personal data that is no longer necessary 
- Restrict access to personal data 
- Secure data through its entire lifecycle 
- Demonstrate transparency with accessible information on how and why personal data is collected 

Modix’s Approach to the GDPR
The GDPR will require companies to become fully accountable and aware of the data that they are responsible for. This regulation is now more important than ever due to the ease and speed that data can be collected and transferred across borders.

As a data ‘processor’ for our Automotive Clients (entity who processes data on the behalf of our clients), Modix is fully committed to meeting the standards of the GDPR and becoming compliant by 25 May 2018. To accomplish this, we assembled a cross-functional team that represents all data collection areas of the business. This team is ensuring Modix complies with the GDPR and that data transparency is a key component of our client partnerships.

As part of Cox Automotive Group, Modix has access to an experienced team of international legal consultants. This support helps to ensure our compliance across all EU countries and positions us to respond and react to further compliance measures in the future.

What Modix Clients Can Expect
Modix will proactively be reaching out to our clients with updates necessary to the GDPR. Expect to receive more detailed communications over the coming months. Modix will also publish a series of blog posts to provide more details and update our clients on our GDPR progress.

Modix Clients’ Responsibilities
As the data ‘controller’ (entity that determines how and why personal data is processed), Modix clients must also take an active role in the GDPR compliance process. By familiarizing yourself with the components of the GDPR, you will be prepared to respond and react to all communications coming from Modix. Staying informed is the best way to ensure all parties successfully meet the requirements of the GDPR.

From Our Parent Company - Cox Automotive
At Cox Automotive, we are committed to maintaining the privacy of the individuals whose data we are entrusted with. This includes continually reviewing and updating our privacy practices to ensure that we are consistently meeting our obligations around the globe. We are actively engaged in preparations for the May 25, 2018 effective date for the General Data Protection Regulation and plan to be compliant by that date. As part of this cross-divisional effort, we are also reviewing our product offerings for ways in which we can assist our customers in managing their own compliance obligations under the new regulation. We are confident that Cox Automotive’s suite of innovatively integrated products will allow our customers to help transform the way the world buys, sells, and owns cars while meeting the evolving demands of the global regulatory landscape.

Innovation