Correction
Definition
Correction refers to the privacy right that empowers individuals to rectify inaccuracies, complete missing information, or update outdated details within their personal data records held by an organization. Often described as the right to correction or the right to rectification, this mechanism helps ensure that organizations do not process or make decisions based on erroneous information. Data correction rights are intrinsic to the principle of data accuracy, requiring organizations to maintain the quality and integrity of the information they store. When an individual exercises this right, the organization is typically obligated to verify the request and modify the records across its databases and relevant downstream systems. Effective rectification of data is essential for preventing harms such as misdelivery of services, incorrect credit decisions, or identity and account issues.
Real-World Examples
Address Update for E-commerce
A customer relocates to a new city and submits a correction request to an online retailer to update their billing and shipping address. The retailer verifies the new details and updates the customer's profile to ensure future deliveries reach the correct location, demonstrating support for data update rights.
Employment Record Rectification
An employee legally changes their surname. They provide official documentation to their employer's HR department. The organization processes this personal data correction by updating payroll systems, email directories, and benefits records to reflect the accurate legal name, helping maintain data quality.
The right to correction allows an individual or data subject to request that an organization or data controller rectify inaccurate or misleading personal data, complete incomplete data, or update information that has changed over time. This right helps ensure that the data remaining in the organization's possession is accurate and consistent with the individual's current reality.
To submit a data correction request, individuals typically use the channels designated by the organization, such as a privacy portal, settings menu in an application, or a dedicated email address for privacy queries. The request should clearly identify the specific data that is incorrect and provide the accurate information.
Organizations should verify the identity of the requester and the validity of the new information. Upon verification, they are expected to correct the inaccurate data in their own systems and, where appropriate, communicate these corrections to relevant third parties to whom the data was disclosed so the records can be updated consistently. Maintaining an up-to-date map of where personal data is stored (systems, SaaS apps, and identity stores) helps ensure corrections propagate reliably; WatchDog's Asset Inventory can support that system visibility.
Organizations should respond to and process correction requests without undue delay and within any timelines set by applicable requirements or internal policies. Failure to act within a reasonable timeframe can undermine data correction rights and may trigger escalation through complaint or grievance processes.
Generally, objective personal data that is factually inaccurate, incomplete, or outdated can be corrected. This includes names, contact details, account information, financial records, and employment history. Subjective data, such as an opinion or assessment, may not always be subject to correction unless the underlying facts are shown to be incorrect.
If an organization disputes a correction request because it believes the current data is accurate, it should document the reasons for its decision. Good practice may include noting the individual's contestation in the record (where feasible) while the dispute is reviewed, and requesting verifiable evidence to support the proposed change.
Organizations should maintain a log of correction requests, including the date received, the identity of the requester (or account reference), the specific data challenged, the verification steps taken, the action taken (correction or refusal), and the date of resolution. This documentation helps demonstrate accountability during audits or investigations. If supporting documents are exchanged to validate a correction, they should be shared via a secure channel with clear access controls and an audit trail; WatchDog's Secure File Sharing can help support that workflow.
Data correction is a primary mechanism for maintaining data quality. By allowing individuals to fix errors, organizations help keep their records accurate, reliable, and up-to-date. High data quality reduces operational risks, such as shipping errors or billing mistakes, and supports fair outcomes when decisions are made using personal data.
References & Resources
Crafting & Implementing A Data Management Policy
WatchDog Security
Regulation (EU) 2016/679 (GDPR) — Article 16: Right to rectification
EUR-Lex (European Union)
The Digital Personal Data Protection Act, 2023 — Section 12: Right to Correction, Completion, Updating and Erasure
Ministry of Electronics and Information Technology (MeitY), Government of India
Right to rectification (GDPR) — detailed guidance
Information Commissioner's Office (ICO)
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-26 | WatchDog Security GRC Wiki Team | Initial publication |
