GDPR Principle 4: Data Accuracy

What is the fourth of the seven data processing principles outlined in GDPR?

The fourth principle of data processing is data accuracy.

Under the principle of data accuracy, organizations must take reasonable steps to ensure that the information they hold on data subjects is accurate, keep that information up to date, correct any incorrect or misleading information on data subjects, and consider the possible challenges of data accuracy when collecting data.

GDPR text on data accuracy

Article 5 of GDPR provides that personal data shall be:

“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”

What is the data accuracy principle?

The data accuracy principle is the notion that organizations should ensure they collect and process accurate information on a data subject.

Individuals have the right to demand that organizations correct inaccurate data on them or even delete that incomplete or inaccurate data.

As a result, for individuals to be able to exercise their right to rectification or right of erasure, organizations must take the necessary steps to keep the data subject information accurate.

How to keep data accurate?

Companies must adopt policies and procedures designed to keep information on data subjects complete and accurate.

As such, to comply with this fourth GDPR principle, companies must take all the necessary and reasonable steps to ensure data on data subjects are accurate.

Organizations should validate that the source of the information on the data subject is clear.

They should consider verifying the information they hold at regular intervals to ensure the data remains accurate and up to date.

Companies must also evaluate any possible hurdles, obstacles or challenges they may face in keeping the collected data accurate.

At what point is personal data considered inaccurate?

GDPR does not clearly define the boundaries between accurate data and inaccurate data.

It is left up to companies and organizations to evaluate the accuracy of the personal data they hold on individuals.

For example, if someone currently lives at a specific address and the company does not have the individual’s proper address, this is inaccurate data.

On the other hand, if the company has a record of the previous address of the data subject, although the person no longer lives there, the historical data is nonetheless correct.

Whether the data is accurate depends on how the company views the data.

In our example, the same information about someone’s address was accurate in one instance and inaccurate in the other instance.

Do companies have an obligation to keep records of a mistake in data processing?

It often happens that organizations make good-faith mistakes in processing data for a customer.

For example, a customer purchases product A and it is recorded as product B.

In another instance, the customer buys a product for $100 but it’s recorded and charged at $400.

If there was a mistake in the records of the company, should that be corrected or deleted?

In most cases, companies have a legitimate interest in keeping a factual record of the mistake even though a mistake was made.

Companies will generally keep that record and document the mistake so they can provide sufficient justification to their client, auditors or other stakeholders.

Keeping the record of the mistake is therefore acceptable and will not violate the data accuracy principle to the extent the records factually show the mistake.

The records kept by a company should factually reflect the mistake for historical purposes.

What measures should be taken to update personal data?

Companies should make reasonable efforts to ensure that the information they use and process on individuals remains up to date.

Having said that, do companies have the obligation to keep all personal data up-to-date all the time?

It will depend on the nature of your processing.

When you process personal data for a particular purpose, the information must be accurate and up-to-date so you can successfully achieve your purpose.

For example, if you need to ship goods and products to a person, you want to make sure you have the person’s correct shipping address.

If you have the person’s shipping address, do you need to re-engage with your clients to have them update their address?

In such instances, it’s reasonable to rely on the individual’s initiative to give you their latest address and periodically ask them if their address has changed.

If they do not request the update of their address, you can rely on the address they gave you.

If you are processing personal data on a regular basis, you’ll have more of an interest in keeping that information up to date, as you rely on that data often.

For more content on the GDPR principles, read our post titled What Are The 7 Principles of GDPR?

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!
