GDPR Compliance: Accuracy and Up-to-Date Personal Data

Overview

Under the GDPR regulations, personal data must be accurate and kept up to date:

“Personal data shall be accurate and where necessary kept up to date. Every reasonable step needs to be taken to ensure that inaccurate personal data is erased or rectified without delay.”

Comparison with the 1998 Data Protection Act

Similar to the requirements of the 1998 Data Protection Act, but with a stronger emphasis on the right to rectification for individuals under GDPR.

Organisational Responsibilities

Organisations should:

• Accuracy Checks: Have processes to check the accuracy of collected data.
• Source Verification: Verify the source of the data.
• Update Procedures: Identify when data needs to be updated and update it as necessary.

Recording Mistakes

Mistakes in records should be:

• Clearly Identified: Clearly marked as mistakes.
• Opinions: Clearly distinguish opinions and any relevant changes to facts.

Data Review and Updating

Data should be:

• Periodically Reviewed: Reviewed periodically to ensure fitness for purpose.
• Contact Information: Information about updating data should be provided in the Privacy Policy.

Customer Relations

For ongoing relationships:

• Individual Responsibility: Individuals may be expected to inform organisations of changes, such as a new address.
• Data Updates: Data should be updated accurately based on information provided by individuals.