Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a timetable for the implementation of the changes.
Takeaways:
- Your IT system must allow for correction of data when requested by a customer / user
- You cannot satisfy the right to rectification by adding additional information (e.g. in a comment field or correction line) instead of amending the incorrect information
- If your system does not correctly document the data collected and does not allow for amending it, this will also violate the fair and lawful processing requirement of Art 5 of GDPR to ensure that personal data is accurate and up to date and to take every reasonable step to ensure that personal data that is inaccurate is corrected.