Understanding GDPR Article 16: The Right to Rectification Explained
On a basic level, GDPR Article 16 provides data subjects with the ability to ‘rectify’ (modify) their personal data.
In terms of the organisation’s obligations, ‘rectification’ refers to an individual’s right to ensure that any data held on them is accurate, and any inaccuracies are dealt with accordingly.
As it deals with legal concepts, rather than any operational matter, Article 16 doesn’t feature within any ISO-related sub-clauses or controls.
GDPR Article 16 Legal Text
UK GDPR Version
Right to Rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement
EU GDPR Version
Right to Rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement
Manage all your compliance, all in one place
ISMS.online supports over 100 standards and regulations, giving you a single platform for all your compliance needs.
Technical Commentary
Data held on a subject is a reflection of themselves as both a private an individual and a consumer.
Individuals place a great deal of importance in PII for a number of reasons, not least because of the role such data plays in informing the decisions of third party organisations (e.g. credit reference agencies, banks and government organisations) that have a direct impact on a person’s life.
As such, incorrect data can represent a severe risk that inhibits a person from enjoying the same freedoms and privileges that would occur if said data was 100% correct.
Right to Correct Inaccurate Data
GDPR legislation stops short of offering a concrete description of what can be labelled as ‘inaccurate’, but in general, this means that the facts contained within a person’s data don’t conform with reality.
Right to Rectify Incomplete Data
Incomplete personal data is a difficult concept to define. Data may be deemed ‘complete’ for one purpose, but ‘incomplete’ for an unrelated purpose. As such, organisations are only obliged to rectify data sets that are incomplete for their stated purpose.
How ISMS.online Helps
Our pre-configured Records of Processing Activity tool makes it simple to record and review data, as well as add your organisation’s details. We provide easy to use templates for recording privacy and legitimate interest assessments.
It is essential to demonstrate how well you manage Data Subject Rights Requests (DRR). Our secure DRR space keeps everything in one place, providing automated reporting and insight.
Whether you’re prepared for the worst or not, we make it simple to plan, communicate, document, and learn from every incident. Find out more by booking a demo.
