Readywire is purpose-built to modernise dealership operations—compliance is the natural by-product of our solution. Our AI-driven, cloud-based ERP platform is layered by design. At its foundation is a Unified System of Record, which consolidates all data silos into a single, secure, and centralised environment, says Viren Choudhary, Founder & CEO of Readywire in an interview with EVolution Auto India.
Q: What are the implications of the Digital Personal Data Protection Act (DPDPA) for the automotive industry, especially for OEMs and dealerships?
Viren Choudhary: The automotive sector, which contributes nearly 7 percent to India’s GDP, is both economically vital and operationally complex. At the heart of this industry are the dealerships—the frontline and retail face of the entire ecosystem. Due to regulatory requirements and the nature of automotive purchases, dealerships are required to collect and manage Know Your Customer (KYC) information. Virtually every transaction, financing arrangement, and customer relationship flows through them, making dealerships the primary collectors and processors of vast volumes of personal and sensitive data.
Most dealerships today operate in a fragmented, manual environment where customer documents are handled physically or stored across disconnected systems with minimal access controls. This lack of digital oversight not only leaves dealerships exposed—it puts OEMs at risk, too, as this data is collected in their name and often shared upstream.
The implications are clear: Both dealerships and OEMs are responsible for securing customer data, and the penalties for mishandling it can also extend to OEMs.
In the current setup, true data security isn’t just difficult—it’s structurally impossible. Continuing with the status quo heightens the risk of breaches, regulatory violations, and customer complaints. Left unaddressed, these risks can quickly escalate into financial penalties, reputational damage, and, in some cases, even criminal liability for breaches of privacy commitments.
Q: What are the primary data compliance hurdles that dealerships must overcome under DPDPA, and how can AI-driven ERP solutions assist in minimising these risks?
Viren Choudhary: The biggest challenge for the dealership operations today is that they were never designed with data privacy in mind. The current operating landscape is replete with fragmented systems, manual transfers, hard copy storage, and very little access control. This structure creates numerous vulnerability points that cannot be secured and can easily escalate into DPDPA violations for various reasons. The dealership network needs to reorganise to become a digitally native enterprise. To solve this issue, there must be end-to-end digitisation—starting from the very first point of customer data collection, which today still happens on paper and must be transformed into digital records. This requires substantial transformation. Vertical-specific, AI-driven ERP systems address this problem by consolidating the entire operation onto a single, unified platform. Everyone works on a single system, all connected, so manual transfers are eliminated. Customer touchpoints become digital bridges, and all user interfaces come with access control.
Q: In what ways do conventional dealership management systems leave businesses vulnerable to data breaches and regulatory penalties under the new law?
Viren Choudhary: The current digital landscape within dealerships is typically centered on a Dealer Management System (DMS) provided by the original equipment manufacturer (OEM). However, this is primarily a point-of-sale (POS) system designed to manage purchase and sales transactions. For the rest of their operations, dealerships rely on spreadsheets or standalone systems. Accounting is handled through a separate tool, HR through another, and so on.
There are multiple manual processes for collecting customer and employee documentation, often in hard copy or via informal channels, such as WhatsApp. These systems function in silos, rely heavily on human input, and lack built-in governance mechanisms. In such an environment, enforcing controls is practically impossible.
There’s little to no auditability, and proactive monitoring is minimal. For instance, a customer’s financial document may be collected as a hard copy or sent through WhatsApp, making access control nearly impossible. Similarly, an employee’s KYC documents may be scanned and stored on a local desktop—completely unprotected. These files can be copied, printed, or shared without any oversight. Even printed customer details often lack masking, making sensitive information readily visible and accessible.
This fragmented and uncontrolled environment makes dealerships highly vulnerable under the DPDPA. Not only does it expose them to regulatory penalties, but in serious cases, it can also lead to criminal prosecution for violating data privacy norms.
Q: How does improper data handling at the dealership level create a chain reaction that affects OEMs?
Viren Choudhary: Dealerships serve as the frontline interface between customers and the OEM. They gather customer data during purchases, financing, servicing, and other transactions. This data is then shared with OEMs but also retained by the dealerships for their own use. From the customer’s point of view, the dealership represents the OEM. So, any breach at the dealership is automatically associated with the OEM’s brand.
While an OEM may secure its internal systems, the vulnerability lies in how data is handled at the dealership before it reaches them. Dealerships still rely heavily on manual processes, unstructured data handling, and porous systems with weak access controls. This makes breaches more likely at the dealership level—and those breaches become OEM liabilities under DPDPA because the data was collected in the OEM’s name.
Now, imagine a breach surfaces on social media. A single incident can quickly go viral, encouraging other customers to speak out. Complaints begin to pour in to the Data Protection Board, and before long, the OEM is caught in a regulatory and reputational firestorm. The penalties, both monetary and brand-related, can be immense.
Q: How does Readywire’s cloud-based ERP system strengthen data security and ensure compliance for dealerships?
Viren Choudhary: Readywire is purpose-built to modernise dealership operations—compliance is the natural by-product of our solution. Our AI-driven, cloud-based ERP platform is layered by design. At its foundation is a Unified System of Record, which consolidates all data silos into a single, secure, and centralised environment. This eliminates fragmentation and ensures that every interaction—whether with customers, employees, or vendors—is recorded in a consistent and controlled manner.
On top of this, we introduce Agentic AI, which automates routine data handling tasks such as input, validation, reconciliation, and reporting. By doing so, we dramatically reduce human access to raw data. Every data point is masked, permission-tagged, and access-controlled—so no one sees more than they’re allowed to. Even internal staff can’t view sensitive documents unless explicitly authorised.
Most importantly, all external and internal interactions are transformed into secure digital bridges. There’s no need for hard copies, emails, USB transfers, or messaging apps like WhatsApp. Documents are collected digitally, stored securely, and accessed only through governed workflows. Every action is logged, every permission is tracked, and every access point is visible.
This approach not only eliminates the operational loopholes that typically lead to breaches—it also ensures dealerships are audit-ready, always in compliance, and positioned for long-term trust and scalability.