Question 1

What GDPR obligations do car wash services in Cork have?

Accepted Answer

Car Wash Services in Cork must appoint a data controller, maintain records of processing activities, implement appropriate security measures, provide privacy notices to customers, and respond to data subject access requests within one month under the Data Protection Act 2018.

Question 2

Can the DPC fine a car wash service in Cork?

Accepted Answer

Yes. The Data Protection Commission can fine any business in Cork, including car wash services, up to €20 million or 4% of global annual turnover for serious GDPR breaches. Even smaller infringements can result in fines up to €10 million.

Question 3

Do I need a Data Protection Officer for my car wash service in Cork?

Accepted Answer

Not all businesses need a formal DPO, but if your car wash service processes personal data on a large scale or handles special category data (like health information), you may be required to appoint one under GDPR Article 37. Even if not mandatory, having someone responsible for data protection is best practice.

Question 4

How do I handle a data breach at my car wash service in Cork?

Accepted Answer

You must notify the DPC within 72 hours of becoming aware of a personal data breach that poses a risk to individuals. You should also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Question 5

What privacy policy does a car wash service in Cork need?

Accepted Answer

Your car wash service needs a clear, plain-language privacy policy that explains what data you collect, why you collect it, how long you keep it, who you share it with, and what rights customers have under GDPR. This must be easily accessible to all customers and staff.

Question 6

Does GDPR apply to car wash businesses in Ireland?

Accepted Answer

Yes. If your car wash collects any personal data — customer names, phone numbers, vehicle registrations, payment details, or CCTV footage — you must comply with GDPR. Even a basic booking system or loyalty card scheme means you are processing personal data as a data controller.

Question 7

Are vehicle registration numbers personal data under GDPR?

Accepted Answer

Yes, where a vehicle registration number can be linked to an identifiable individual — which is almost always the case — it is personal data under GDPR. This means CCTV footage capturing registration plates, and any records linking reg numbers to customer names, must be handled in compliance with GDPR.

Question 8

Does a car wash need CCTV signage?

Accepted Answer

Yes. The DPC requires any business operating CCTV to display clear signage informing people they are being recorded. The signage must include the identity of the data controller, the purpose of the recording, and how to get more information. Footage should be retained for a maximum of 30 days in normal circumstances.

Question 9

What GDPR rules apply to car wash loyalty schemes?

Accepted Answer

Loyalty schemes collect personal data and are subject to GDPR. You must provide a privacy notice at sign-up, have a lawful basis for processing the data, allow customers to access or delete their data, and not use loyalty data for marketing without consent. You should also set a retention period and delete inactive accounts.

GDPR Compliance for Car Wash Services in Cork

Do car wash services in Cork need to comply with GDPR?

Key GDPR Risks for Car Wash Services

Personal Data Your Car Wash Service Processes

Find out your GDPR score in 2 minutes

Required GDPR Policies & Documents

GDPR Compliance Steps for Car Wash Services

Common GDPR Mistakes Car Wash Services Make

Frequently asked questions

Don't wait for the DPC to come knocking