agent Entrepreneur logo
MenuMENU
SearchSEARCH

Equifax + Facebook = GDPR?

The European Union’s General Data Protection Regulation raises the bar for a number of compliance issues, particularly the way your dealer clients protect and defend their customers’ nonpublic personal information.

November 14, 2018
Equifax + Facebook = GDPR?

Photo via iStock

4 min to read


A colleague of mine asked me, “Who in the auto dealer industry really cares about the General Data Protection Regulation?” I thought about titling this article “GDPR: Who Cares?” But upon further reflection, I thought that the GDPR might bring focus to data management and data protection and give a sneak peek toward future trends.

The Question

Ad Loading...

Let’s start with some background. The Equifax data breach of 2017 affected almost half of all Americans, approximately 142 million people. Nonpublic personal information (NPI) such as names, Social Security numbers, birth dates, driver’s license numbers, and other information was disclosed. In 2018, approximately 50 million Facebook users’ profiles, including personal information, was obtained by Cambridge Analytica in one of the largest known social media network breaches. 

GDPR is a European Union data protection and privacy regulation which went into effect on May 25, 2018. GDPR establishes strict standards for consent and data breach notification (among other standards) and provides for penalties of up to 4% of global revenue.

In terms of data breach notification-based facts reported in the media, Equifax took 143 days to discover the data breach and 40 days after the discovery to notify affected individuals. Facebook is said to have discovered that users’ personal information was harvested some time in late 2015, but an announcement was not made until March 2018. (Note that Facebook claims that the harvesting of millions of user profiles by Cambridge Analytica was not a data breach.)

“The GDPR ‘sets the bar’ for data compliance. That bar is currently higher than contemplated U.S. standards.”

In the U.S., several bills on data breach have been introduced, most notably the Consumer Privacy Protection Act of 2017 and the Data Security and Breach Notification Act. The Consumer Privacy Protection Act of 2017 would establish a national standard for “comprehensive consumer privacy and data security programs” for larger companies. 

Ad Loading...

While the FTC, the U.S. attorney general and state attorneys general would have enforcement authority, there is no private right of action. (A private right of action is a case brought by the individual consumer rather than a regulatory entity such as the FTC.) The legislation only provides for notification of a data breach “as expediently as possible” and “without unreasonable delay” rather than a specific time period. 

The Data Security and Breach Notification Act also seeks to create a single standard rather than the current varying state requirements of data breach notification. The Data Security and Breach Notification Act includes a 30-day data breach reporting rule for larger companies (regarding non-healthcare data).

As opposed to the two proposed U.S. Acts above, the GDPR requires a 72-hour data breach notification. When this short timeline is combined with immense penalties, data security and management becomes much more important. 

The Answer

So, the answer to my friend asking who cares about GDPR is as follows: While most U.S. dealers will have few customers who are residents of the European Union or other factors subjecting them directly to the GDPR, the GDPR “sets the bar” for data compliance. That bar is currently higher than contemplated U.S. standards, but gives us all a look into the future. 

Ad Loading...

The GDPR represents a change, on a global scale, in the acceptable methods for handling data across the world. The GDPR elevates compliance to center stage and has quantifiable standards and enormous penalties to ensure it will be taken seriously.

We in America have been, perhaps, too lax with our data standards — think unsecured credit applications, unaccounted-for deal jackets, or DMS and other vendor systems with unfettered NPI access — and, to paraphrase the immortal Sam Cooke, “A change is going to come.” The only question is whether your shop is prepared for it. 

DISCLAIMER: Content provided in this article is intended for informational purposes only and should not be construed as legal advice and should not be relied upon or acted upon without you retaining counsel to provide specific legal advise based upon your particular situation, jurisdiction and circumstances. No duties are assumed, intended or created by this communication. No attorney- client relationship is being created by your review or use of this material.

© 2018 Robert J. Wilson, All Rights Reserved

Robert J. Wilson, Esquire (Bob) is a Philadelphia lawyer and is General Counsel for ARMD Resource Group. Bob is the principal of Wilson Law Firm and has over 30 years of experience both as a counselor and as a litigator in State and Federal Courts. Risk management, problem solving and dispute resolution are his core competencies. Bob’s practice is largely in the consumer finance space and he regularly consults with Lenders and contributes articles on various compliance related issues.

Topics:Industry
Subscribe to Our Newsletter

More Industry

Foreign Cars Italia dealership store in front of sunset
Industryby Hannah MitchellJuly 2, 2026

Luxe N.C. Dealerships Change Hands

A collection of Italian and English brand franchises were handed off to the owner’s friend in the business and include the Carolinas’ only Ferrari retail stores.

Read More →
inside of car, person with hands on black steering wheel
Industryby Lauren LawrenceJuly 2, 2026

Exposure Drives Interest in Chinese Cars

At a recent demonstration, consumers had the chance to ride in a Chinese-branded vehicle, a firsthand experience that improved their perceptions and purchase intent.

Read More →
Woman's hands holding an wallet empty of cash
Industryby Hannah MitchellJuly 1, 2026

Automotive Consumers Sink Further in Debt

Most financing metrics hit records in the second quarter as more buyers locked themselves into long terms and high monthly payments.

Read More →
Ad Loading...
Rob Mancuso sitting in a chair on stage
Industryby Hannah MitchellJuly 1, 2026

Agent Advocate

Rob Mancuso, who comes from a long line of auto dealers, values general agents’ place in the industry and makes a case for them taking an even bigger seat at the table.

Read More →
Photo of a touchscreen on a car's dashboard
Industryby Hannah MitchellJune 25, 2026

Driving Under Distraction

Though consumers gave higher marks to new vehicles in JD Power’s most recent initial-quality poll, high-tech interference worsened, pointing to craving for simplicity.

Read More →
split background green and blue. 2019 to 2025 with car going from starting location to end point. $37,310 and $48,402. Agent Entrepreneur logo
Industryby Lauren LawrenceJune 25, 2026

Affordable New Cars a Thing of the Past

More than one out of five new vehicles sell for more than $60,000, according to Edmunds. That's up 7% compared to prepandemic 2019.

Read More →
Ad Loading...
Photo of multiple new SUVs on a car dealership lot
Industryby Hannah MitchellJune 22, 2026

State Follows Federal Warning on Auto Ads

The Massachusetts attorney general cautioned the state’s automotive dealers to be upfront with the consuming public about their vehicle prices or risk punishment.

Read More →
Gas pumps.
Industryby Lauren LawrenceJune 15, 2026

Consumer Outlook on the Rise

Younger generations are feeling more positive about their financial futures and current affordability pressures than older generations, according to recent TransUnion data.

Read More →
Group photo of men outside storefront.
Industryby Hannah MitchellMay 28, 2026

Pennsylvania Dealership Under New Retailers

The sale of the Chrysler Dodge Jeep Ram store puts a family auto group on a leaner path as first-time dealers take the helm.

Read More →
Ad Loading...
Hallway with lockered wiring and computer
Industryby Lauren LawrenceMay 28, 2026

Battery Storage Takes Priority Over EVs

U.S. automakers are prioritizing battery energy stationary storage over electric-vehicle production as the consumer demand for EVs lags the rest of the world.

Read More →
Ad Loading...