Deleting Personal Data from Vehicles: a GDPR Obligation for Automotive Businesses

This is the second edition of the whitepaper, Deleting Personal Data from Vehicles: A GDPR Obligation for Auto Businesses, published in April 2026. It has been updated to reflect new information from the Information Commissioner’s Office (ICO) on the application of the GDPR to personal data stored in vehicles, along with information about new industry association standards for in-vehicle data deletion.

This whitepaper and legal analysis clarifies GDPR obligations of automotive-related Controllers to delete personal data in vehicles, including dealerships, leasing, motor finance, motor insurance, car rental/car sharing companies, manufacturers, fleet management, and more have in regards to the personal data collected and stored in vehicles (e.g., navigation and smartphone data). It clarifies the roles and responsibilities of certain Processors when it comes to data deletion. It also clarifies the need for a documented procedure, robust process and relevant software to be used, relying on the knowledge and judgement of individuals is unlikely to meet requirements to demonstrate GDPR compliance.

The ICO’s direction and legal opinion of Aidan Eardley, King’s Counsel should be reviewed by legal counsel in the automotive industry operating in the United Kingdom and European Union.

By submitting your personal information you agree we may send you an email with the link to download this white paper.

User consents to receive marketing information from Privacy4Cars