Rectification (Right to Correct)

The data subject right to have inaccurate personal data corrected or incomplete data completed without undue delay, established under GDPR Article 16 and similar provisions in other privacy laws. This right ensures data accuracy and protects individuals from harm caused by incorrect information. Organizations must verify identity, assess the correction request's validity, and update records across all systems. Under CCPA/CPRA, this is the 'right to correct' inaccurate personal information. Companies should establish processes for receiving correction requests, verifying requestor identity, investigating accuracy claims, making corrections within legal timeframes (typically 30-45 days), and notifying third parties who received the incorrect data. The right balances with other considerations—organizations may refuse obviously unfounded requests but must document their reasoning. When corrections are made, businesses should update not just their primary databases but also backups, archived data, and information shared with processors or third parties.