• Gdpr
  • May 09, 2018

LawBite’s Countdown Checklist for GDPR | Part Four

By Lawbite Team

Talk to a Lawyer Free Legal Help
It just over two weeks now until the GDPR compliance deadline!  Time is ticking away and we’re already on part four of our GDPR countdown checklist.  Last week we covered data minimisation, so only collecting the data you require for the purpose you have identified. This week we’re talking about one of the standards that data collected should meet; introducing Principle 4 of the GDPR everyone!

Principle 4: The Accuracy Principle
Principle 4 of the GDPR requires that personal data shall be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”.

In simpler terms, if personal data is inaccurate when processed, this clearly poses a risk to data subjects. Data controllers are therefore responsible for taking all necessary steps to ensure that this is not the case.

So what does your organisation need to do in order to comply? The good news is that principle 4 does not materially change the position set out in the Data Protection Act 1998. So if your organisation is already following good processes in relation to collecting and storing data, you should be well on your way towards compliance. Furthermore, the law recognises that it may not be practicable to double check every single item of data you collect – taking reasonable steps should be sufficient. When considering what is reasonable in the context of your organisation, you should be looking at having mechanisms in place that enable you to ensure that the source of any personal data is clear, identify where there are any inaccuracies in the data you are collecting and ensure that updates are made as they are required. Reviews should be undertaken frequently; just because data may have been accurate when it was first collected this may not continue to be the case, therefore a mechanism needs to be in place that prompts and enables a review.

It is also worth remembering that the rights of data subjects (i.e. those individuals about whom the personal data is recorded) are greater under GDPR so they will have both the right to request the detail of the information held by an organisation about them and the right to rectification of any inaccurate or incomplete personal data. Post May 25th you will need to be able to respond to any such requests for information (‘data subject requests’) promptly (within a month to be precise!) and you will no longer be able to charge for supplying the information. Having in place robust data management and handling procedures will make responding to requests far easier, saving management time and resource in the long run.

Finally, GDPR is very keen on accountability – as a data controller you need to be able to demonstrate compliance with the key principles so do make sure all policies and procedures are documented. Even if you have been following best practice for years if you have never put in place a formal policy now is the time to get it written down!

Coming up next week: Principle 5 – The Storage Limitation Principle……same time, same place, next week!

To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.

We have also put together a special LawBite Rescue GDPR Package for clients who need a little extra last minute help with compliance. As well as 12 GDPR compliant templates the package contains a 30 minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £495 + VAT (versus £675 + VAT). 

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • September 20, 2021
How to Gain Consent Under the GDPR

Even several years after the introduction of the General Data Protection Regulations (GDPR) in 2018, there is still a lack of understanding about h...

blog image
  • By Lawbite Team
  • September 15, 2021
How to Run a Data Subject Access Request (SAR)

Whether you are a small, medium, or large organisation, receiving a subject access request (SAR) or data subject access request (DSAR) and handling...

blog image
  • By Lawbite Team
  • September 15, 2021
What are the Privacy and Electronic Communications Regulations 2003?

In the era of digital communication and big data, it is more important than ever to protect the rights and privacy of customers, whether these are ...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan