As you will be aware, data protection law is changing on 25th May 2018. Like all organisations, the Institute of the Motor Industry are GDPR Compliant.

In the meantime, we thought it would be useful to publish answers to some of the questions we are receiving; no doubt these will be of interest to you all.

Frequently Asked Questions

Click on the question below for more information

  1. What is the GDPR?
  2. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
  3. What is personal data?
  4. The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, for instance name or identification number.
  5. How will the IMI use personal data?
  6. We are a data controller and as such are committed to the protection of all learner data. We will only process personal data in accordance with the GDPR, together with any legal or regulatory requirements. For further detail please see our Privacy Policy updated in line with GDPR.
  7. How can the IMI assure centres that learner data is safe?
  8. We have reviewed and reissued our Policy Statement to assure our customers of compliance with GDPR. We are additionally carrying out a review and cleanse of all personal data we currently hold and our internal operating processes.
  9. Who has access to approved centre records?
  10. The External Quality Assurers assigned to the centre and relevant staff members for audit and compliance purposes.
  11. Who does the IMI share data with?
  12. We only share data with relevant 3rd parties for compliance, auditing or purposes relating to and in pursuit of development of our products and services.
  13. How long does IMI retain data?
  14. Records are kept for as long as required to meet the operational needs of the IMI and in accordance with legal and regulatory requirements. Full details of the retention period depending on the types of data are within the IMI Data Retention Policy (soon to be communicated).
  15. How long should centres retain records associated with the delivery of IMI qualifications?
  16. Assessment records should be kept by the centre for a minimum period of six years. See section 2.4 - Internal Quality Assurance within the IMI operating manual.
  17. Is there anything different that centres need to action to ensure compliance with IMI and regulatory requirements, whilst also ensuring compliance with GDPR?
  18. Any change to requirements or process will be communicated to all parties as necessary. IMI are currently reviewing content of Centre Agreements, the request for a centre data representative has been issued and centres are urged to provide this information by 27th April 2018.
  19. Does the IMI have any updated policies I can read about GDPR?
  20. You can find all of the IMI's most up to date policies here - IMI Policies.
  21. Will the IMI encrypt emails?
  22. Yes. The IMI has implemented software called Egress which will encrypt sent emails containing any sensitive personal data. When you receive your initial encrypted email from us, it will appear with the below in the body of the email (see screenshot below). You can either create an account or download a free version of Egress on your computer. Please use this supportive guidance to help you create an Egress account. Doing either of these options will allow you receive encrypted emails from the IMI in an easy and secure way.


If you'd like more information or have any questions around GDPR, we're here to help.