How the NCGA is Helping Protect Dealership Data
WHAT YOU’LL FIND OUT IN THIS ARTICLE
- Dealers own their customer and dealership data. Manufacturers or third parties cannot access or use this data without explicit, written consent from the dealer.
- Dealers can restrict the type of data shared with manufacturers or third parties and must be informed in advance of any changes in data-sharing requirements.
- Dealer management systems (DMS) must ensure the security, confidentiality, and integrity of dealer data.
- Dealers have the right to monitor data access and sharing activities in their DMS.
- Dealers can opt to provide data manually (in standard file formats) instead of granting direct access to their DMS.
- Manufacturers or DMS vendors must disclose all third parties that receive dealership data annually.
- Any third party accessing dealer data must indemnify the dealer against damages caused by data breaches or misuse.
What is G.S. 20-305.7?
G.S. 20-305.7 is a North Carolina law designed to protect car dealerships’ data and ensure they retain control over how their customer and operational information is shared, accessed, or used by manufacturers, distributors, and third-party vendors. Here is a link to the full Statute
What that means to you is…
This law gives dealers control over their data and ensures they aren’t forced to share sensitive customer or business information without proper authorization. It also safeguards dealerships from unreasonable fees, ensures transparency in data-sharing agreements, and holds third parties accountable for protecting dealership data.
In-Depth Breakdown
Dealers Own Their Data
Under G.S. 20-305.7, any information stored in a dealership’s management system—such as customer records, sales data, and service history—belongs to the dealer. Manufacturers, distributors, or other third parties can only access this data with the dealer’s written consent. This means dealers have the final say in how their information is used.
Limited and Lawful Data Access
Manufacturers can only request specific data related to their vehicles and programs, such as for recalls or validating incentives. They cannot demand unrelated customer or business information. Dealers can also choose to block certain data fields from being shared without facing penalties.
Security and Confidentiality are Key
Dealers must be able to protect their data. The law requires DMS vendors to provide systems that ensure data security and compliance with state and federal privacy laws. Dealers can also monitor what data is accessed or shared and request detailed reports on data usage.
Transparency in Third-Party Agreements
Manufacturers and vendors must disclose all third parties receiving dealership data, including the type of data shared, how it is used, and when it was accessed. This annual reporting ensures that dealers remain informed about their data’s journey.
Dealers Can Say “No” to Direct System Access
The law allows dealers to manually provide requested data in standard formats like CSV files, instead of giving manufacturers or vendors direct access to their systems. This protects dealers from unnecessary exposure to security risks.
Indemnity for Breaches
If a third party accessing dealership data causes harm, such as a data breach, they are required to cover all damages, including legal fees and costs related to the breach. This protection ensures dealers are not financially liable for mistakes outside their control.
What Do You Do Now That You Know?
Understanding your dealership’s relationship with its DMS is crucial. Data protection laws like G.S. 20-305.7 exist to empower dealers, but not every DMS provider or vendor makes compliance easy. Some systems may lack transparency, have weak security protocols, or fail to honor your rights to control data access.
At KGI Dealer Solutions, we go above and beyond to ensure our dealers don’t just meet the law’s requirements—they exceed them. If your current DMS provider isn’t offering the tools, flexibility, and security you deserve, it may be time to ask whether they’re the right partner for your dealership.
How KGI Dealer Solutions Stands Out
Monitoring Data Sharing
Our DMS includes multi-factor authentication and sign-in logs to track access. Plus, we offer an audit page for full transparency on inventory data and vendor interactions.
Controlling Data Access
We respect your decisions. If you need to restrict or stop data feeds, we make it easy and efficient.
Securing Your Data
With encryption and multi-factor authentication, we ensure your data is always safe from breaches or unauthorized access.
Popular Pages
If you like what you see here check out our products and services made for Used Car Dealers
Dealer Software $99 Dealer Websites Social Media Marketing How to Become a Dealer Marketing TipsContact Us
Have a Question or need Technical Support?
Call (704) 307-2030 Our Help Site Remote Support Link Chat On FacebookAbout KGI
Over 20 Years in Business.
Based in Apex, NC.
Family-Owned and Operated.
Serving Dealers in the Carolinas.