This procedure has been developed to enable effective responses to requests to realise the right to rectification.
The basic procedure is as follows:
Individuals will raise requests for rectification with the Data Protection Representative, which will be logged along with the time and date
Where the identity of the Data Subject has not been confirmed, the Data Protection Representative will contact the Data Subject to request proof of identity – this should be a current passport or driving license.
The Data Protection Representative will assess the appropriateness of the request and decide whether to meet it or not
If the request is to be met, the Data Protection Representative will forward on the request to the appropriate Data Manager who will carry out the rectification and notify the Data Protection Representative when the request has been completed
The Data Protection Representative will notify the individual via email their request has been carried out
If the request is not to be met, the Data Protection Representative will email the requestor explaining why this is the case and highlighting their right to complain to the relevant supervisory authority – this will be logged. Reasons for refusing a request include:
We are satisfied the data in question is actually accurate
The request is unfounded or excessive (e.g. it is repeated)
The results of requests will be logged by the Data Protection Representative
All requests will be completed within one month of receipt