The General Data Protection Regulation states that personal data must be accurate and, where necessary, kept up to date. All reasonable steps must also be taken to ensure that inaccurate data is erased or rectified without delay.
This principle is closely related to some of the data subject rights, such as the right to rectification. However, to comply with this principle, it is important to understand your business and develop a strategy to address the accuracy challenges you face. Then you should take all reasonable steps to ensure the quality of the information, including, if necessary, regular updating.
Inaccurate personal data is, in essence, incorrect or misleading data that does not reflect the current state of the facts regarding the data subject. If you want to work with historical data, that's not a problem, but make sure it's fit for purpose and that you properly disclaim it.
For example, if you sell goods to consumers and have a record where John states that he lives in France but has moved to Germany, you will have inaccurate data. If your employee has changed his email address and you still have the older one in your record, you also have inaccurate data. In both cases, it is reasonable to expect the data subject to update their data, and to do so in a timely manner, as the risk to privacy might not justify constantly contacting them to ask for up-to-date information.
What constitutes a reasonable step depends entirely on your business, the personal data being processed and the purpose of the processing. If your data processing activities have a significant impact on the data subject, more careful measures need to be taken. If you are dealing with sensitive personal data or any kind of profiling, you need to take greater care over accuracy.
The principle of accuracy establishes a right for the data subject and creates a basis for responsibility for the controller. The data subject has the right to have inaccurate information rectified, and the business must take reasonable steps to ensure that the personal data it holds is accurate. To do this, you need to understand the implications for your business and develop an appropriate strategy to be compliant with the GDPR.
To learn more about GDPR principles, don't forget to read our previous article.