Home > Article 16. Right to rectification
Download PDF

Article 16 GDPR. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Explanation ISO 27701 Recitals Guidelines & Case Law Leave a comment
Explanation

(RU) В 1973 году Совет Европы порекомендовал исправить «неточную информацию» в контексте данных, собранных в электронных банках данных (Резолюция о защите конфиденциальности физических лиц в отношении электронных банков данных в негосударственном секторе (Resolution on the Protection of the Privacy of Individuals vis-a-vis Electronic Data Banks in the Private Sector). Поэтому неудивительно, что в Общих положениях Европейского союза о защите данных 2016 года (European Union 2016 General Data Protection Regulation) было предусмотрено «право на уточнение». Сюрпризом же стало отсутствие указаний в отношении прав и обязанностей, связанных с осуществлением этого права.

Любое лицо может попросить контролера…

[…]


to read the full text

Author
Louis-Philippe Gratton
Louis-Philippe Gratton PhD, LLM
Privacy Expert

Data Subject Request Letter Sample

Concern: Request to rectify inaccurate personal data

Dear Madam, Dear Sir,

You have data concerning me that are inaccurate…

[…]


to read the full text

Author
Louis-Philippe Gratton
Louis-Philippe Gratton PhD, LLM
Privacy Expert

Data Subject Request Letter Sample

Concern: Request to rectify incomplete personal data

Dear Madam, Dear Sir,

You have data concerning me that are incomplete…

[…]


to read the full text

Author
Louis-Philippe Gratton
Louis-Philippe Gratton PhD, LLM
Privacy Expert
Author
Siarhei Varankevich CIPP/E, CIPM, MBA
Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
ISO 27701
Recitals

(65) A data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject. In particular, a data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her, or where the processing of his or her personal data does not otherwise comply with this Regulation. That right is relevant in particular where the data subject has given his or her consent as a child and is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject should be able to exercise that right notwithstanding the fact that he or she is no longer a child. However, the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

Guidelines & Case Law Leave a comment