Know your rights. The right to rectification. How to claim accuracy for your data.

Correcting inaccurate personal information is crucial because many companies rely on this data to make decisions about you or verify your identity. If the data they have is wrong, it could negatively affect decisions about you or cause issues when dealing with service providers, obtaining a loan, or confirming your identity.

Here's how to exercise your right to correct inaccurate or complete incomplete data.

What it is

The right to rectification (article 16 – GDPR) allows you to request an organization to correct any inaccuracies in the data they have about you. This includes information that is objectively incorrect. "Rectifying" data means replacing the incorrect details with accurate information; it doesn't involve deleting or removing data. This right also covers updating incomplete data sets with missing information. Examples of errors in personal data may include misspelled names, incorrect or incomplete addresses, inaccurate dates of birth, and errors in education or employment details, as well as mistakes on your credit report.

If the organization has shared your personal data with third parties, they must inform them of the correction. The third parties are also obligated to rectify the information they hold.

Example story

A credit bureau processes information provided by John's former landlord whereby it is stated that he owes him 3 months' rent. John has just won a legal dispute, and the claim for the 3 months' rent was ruled unfounded. John may ask the credit bureau to correct the data it holds about him so that he isn't put at a disadvantage in the future when credit requests are processed.

How to request data correction

To correct errors in your personal data held by an organization, follow these steps:

1. Contact the organization: Reach out to the organization handling your data via email, letter, fax, or an online form. Clearly state that there is an error in your personal data. Request written confirmation once the error is resolved or the missing information is added.
2. Include specifics in your request:

• The incorrect data that needs correction.
• The accurate information that should replace it.
• If there's missing information, clearly specify what is lacking (e.g., your date of birth).
• If applicable, attach proof of the correct information.
• If the organization has shared inaccurate data with others, ask them to inform these third parties about the correction. This ensures that everyone who received the incorrect data is aware of the rectification.

Discover third parties holding your data: With Bitdefender Digital Identity Protection, you can identify all your online accounts, both old and new, opened with Outlook or Gmail. This tool simplifies exercising your right to access with pre-written emails you can send to companies with one click. Once you retrieve your data, you decide what to do next: correct it, restrict its processing, delete it. You get control over your digital footprint.

What to expect:

An organization must respond to a rectification request within one month. This can be extended in complex situations by up to two more months. If they're unsure about your identity, they may ask for more information.

If the organization rejects your request without a good reason, tries to charge you unfairly, doesn't inform you about the correction, doesn't limit the processing while handling your request (if you asked them to), doesn't respond within a month (or within the extended period of up to three months), you can complain to a data protection authority in your country.

The US. The right to rectify errors depends on the specific laws in place. For instance, laws like the FCRA grant consumers the right to check and correct data about themselves held by an entity. At the state level, the opportunity to correct information is often linked to credit reports, along with details in criminal justice records, employment records, and medical records.

Recent state data privacy laws, such as CPRA, Virginia CDPA, Colorado Privacy Act, and Connecticut Privacy Act, grant consumers the right to fix inaccuracies in their personal data held by businesses.