Ways to meet our expectations:

• Document how to handle rectification requests in sufficient detail in policies, including who oversees the request process and how.
• Have a process to determine whether information is inaccurate, and how to correct it quickly or document the inaccuracy, if you can’t rectify it.
• Ensure policies have appropriate document and version control.
• Communicate policies to staff and make policies readily available for them to refer to.
• Keep policies up-to-date, particularly with any changes to data protection law.

Options to consider:

• Include specific processes for erasure requests within your policy about how to handle individual rights.
• Use reliable indexes, file content pages, and descriptions of documents to help locate paper records quickly.
• Use appropriate search functionality and metadata to help locate electronic records quickly.

Ways to meet our expectations:

• Have a process to inform third parties about any request for rectification, if you have shared inaccurate personal information with them.
• Document responsibilities and processes for rectification requests in contracts with processors.
• Document responsibilities for rectification requests in sharing agreements with other controllers. 
• Measure performance and compliance metrics or key performance indicators for rectification requests (eg the number of requests received and the time taken to inform third parties).

Options to consider:

• Include specific processes for rectification requests within your policy about how to handle individual rights.
• Track the number or percentage of requests where you identified inaccurate information, and feed this into data quality processes or staff awareness exercises.

Ways to meet our expectations:

• Complete data quality reviews to confirm that information is still accurate, adequate and not excessive for the purpose you are processing it for.
• Take appropriate actions to resolve data quality issues and update processes and staff after reviews.

Options to consider:

• Document data quality reviews in your internal audit programme.
• Use standard formats or system validation rules to ensure you collect quality information.
• Set up automated alerts for information that doesn’t meet data quality requirements. 
• Generate system reports of missing or incorrectly formatted information and report to senior managers regularly.

Ways to meet our expectations:

• Train new staff on data quality at induction and refresh training periodically.
• Communicate data quality issues to staff to raise awareness (eg using posters, team meetings, reminder emails, and newsletters).
• Provide feedback quickly to relevant staff on findings from data quality reviews.

Options to consider:

• Review data quality training content regularly to keep it up-to-date.
• Communicate regular data quality reminders or run data quality awareness campaigns covering common issues.