How to Demonstrate Compliance With GDPR Article 16

GDPR Compliance Software

Book a demo

bottom,view,of,modern,skyscrapers,in,business,district,against,blue

On a basic level, GDPR Article 16 provides data subjects with the ability to ‘rectify’ (modify) their personal data.

In terms of the organisation’s obligations, ‘rectification’ refers to an individual’s right to ensure that any data held on them is accurate, and any inaccuracies are dealt with accordingly.

As it deals with legal concepts, rather than any operational matter, Article 16 doesn’t feature within any ISO-related sub-clauses or controls.

GDPR Article 16 Legal Text

UK GDPR Version

Right to Rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement

EU GDPR Version

Right to Rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement

Simple. Secure. Sustainable.

See our platform in action with a tailored hands-on session based on your needs and goals.

Book your demo
img

Technical Commentary

Data held on a subject is a reflection of themselves as both a private an individual and a consumer.

Individuals place a great deal of importance in PII for a number of reasons, not least because of the role such data plays in informing the decisions of third party organisations (e.g. credit reference agencies, banks and government organisations) that have a direct impact on a person’s life.

As such, incorrect data can represent a severe risk that inhibits a person from enjoying the same freedoms and privileges that would occur if said data was 100% correct.

Right to Correct Inaccurate Data

GDPR legislation stops short of offering a concrete description of what can be labelled as ‘inaccurate’, but in general, this means that the facts contained within a person’s data don’t conform with reality.

Right to Rectify Incomplete Data

Incomplete personal data is a difficult concept to define. Data may be deemed ‘complete’ for one purpose, but ‘incomplete’ for an unrelated purpose. As such, organisations are only obliged to rectify data sets that are incomplete for their stated purpose.

How ISMS.online Helps

Our pre-configured Records of Processing Activity tool makes it simple to record and review data, as well as add your organisation’s details. We provide easy to use templates for recording privacy and legitimate interest assessments.

It is essential to demonstrate how well you manage Data Subject Rights Requests (DRR). Our secure DRR space keeps everything in one place, providing automated reporting and insight.

Whether you’re prepared for the worst or not, we make it simple to plan, communicate, document, and learn from every incident. Find out more by booking a demo.

Discover our platform

Book a tailored hands-on session
based on your needs and goals
Book your demo

We’re cost-effective and quick

Discover how that will boost your ROI
Get your quote

Streamline your workflow with our new Jira integration! Learn more here.