Right of rectification policy and procedure
Responding to requests
The UK-GDPR does not specify how to make a valid request, however, the Council has an application form (detailed on Appendix B) to help facilitate the process. The request for rectification can be made verbally or in writing.
The request can be sent to any part of the Council, and staff will need to know how to process this and in the first instance forward to the Data Protection Inbox. The request itself need not even include the phrase ‘right to rectification’, Article 16, as long as the request to rectify or correct personal data is understood as the purpose. If there is any doubt clarification should be sought from the individual.
This presents a challenge as any Council employee could receive a valid verbal request. However, the Council has a legal responsibility to identify that an individual has made a request for rectification and handle it accordingly. Therefore each request must be logged.
Ensure adequate proof of identity of the applicant, a list of acceptable identification is listed in Appendix A. Once identity has been confirmed the documentation should be securely disposed of as the purpose for the processing of it has been fulfilled.
Ensure adequate information has been received from the applicant to facilitate identification is listed in Appendix A. Once identity has been confirmed the documentation should be securely disposed of as the purpose for the processing of it has been fulfilled.
In most cases the Council cannot charge a fee to comply with a request for rectification, unless the request is manifestly unfounded or excessive, in which case a “reasonable fee” for the administration costs with complying with the request may be made.