Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15,  how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a timetable for the implementation of the changes.
Takeaways:
  • Your IT system must allow for correction of data when requested by a customer / user
  • You cannot satisfy the right to rectification by adding additional information (e.g. in a comment field or correction line) instead of amending the incorrect information
  • If your system does not correctly document the data collected and does not allow for amending it, this will also violate the fair and lawful processing requirement of Art 5 of GDPR to ensure that personal data is accurate and up to date and to take every reasonable step to ensure that personal data that is inaccurate is corrected.

Read the full ruling from Datatilsynet.