Right to Rectification

Overview:

Article 16 of the General Data Protection Regulation (GDPR) provides individuals the right to rectify (correct) their personal data without undue delay if found inaccurate. This right also enables individuals to have their incomplete personal data finalized, by adding a supplementary statement. To summarize, individuals have the right to ask for corrections if they discover that the information about them is incorrect or incomplete.

This article enables data subjects to ensure the correctness of their personal information that is kept by orgnanization.

Implementation Guidance:

1. Define and establish a process for handling rectification requests.There should be defined channels ( web form, email, etc)  for receiving the request. Mechanism to track all the requests, ensuring the correct is done within the timeframe, informing the requester on the corrections done.
2. Ensure that the identity of the requester is verified before making the corrections. If the identity cannot be verified by the details submitted, request for more details to assert the validity.
3. Document the processes and procedures for handling rectification requests.
4. Include the process for submitting the rectification request in the Privacy Notice.
5. Keep records and log of all the request and subsequent action taken.

Compliance Checklist

1. Privacy Policy
2. Privacy Notice
3. Privacy Notice
4. Rectification Request Form
5. Records,logs and audit trail

Examples & Use Cases

1. A customer identifies that the address on the online shopping portal is incomplete with the street name not mentioned. The customer places a rectification request and the portal makes the necessary correction after proper verification.
2. A customer identified that the name is misplaced in the bank records. The customer places a request by submitting the identity details for verification. Bank verifies the identity, makes the necessary changes and informs the customer.