GRCWatch
Sign inStart free trial

GDPR A5-04: Accuracy — Maintain & Correct Personal Data

GDPR Article 5(1)(d) requires organizations to keep personal data accurate and up-to-date. This control mandates establishing processes to identify inaccurate data, rectify it promptly, and enable data subjects to request corrections—a foundational accountability measure for any GDPR compliance program.

What this means

Data accuracy under GDPR means taking proactive steps to ensure personal data is correct, complete, and current throughout its lifecycle. Organizations must establish systems to detect inaccuracies, correct them without undue delay, and provide data subjects with straightforward mechanisms to request corrections or erasure of incorrect information. This includes conducting periodic accuracy reviews and maintaining audit trails of corrections made.

How to comply

  1. 1.Document your data accuracy policy, including roles, timelines, and correction procedures.
  2. 2.Implement data validation at point of collection (e.g., email confirmation, address verification).
  3. 3.Establish a data subject correction request process accessible via your privacy portal or support channel.
  4. 4.Define clear ownership for accuracy reviews—identify who owns each data category and how often reviews occur.
  5. 5.Set correction timelines (e.g., correct inaccuracies within 10 business days of discovery or request).
  6. 6.Maintain records of inaccuracies found, corrections made, and any erasures performed.
  7. 7.Conduct periodic accuracy audits (at least annually) on high-risk or frequently-updated datasets.
  8. 8.Train staff on data accuracy requirements and correction workflows.

Evidence auditors look for

  • Data accuracy policy document signed by data protection officer or management
  • Records of data subject correction requests and your responses (timestamps, actions taken)
  • Periodic accuracy review reports showing datasets audited and issues found/resolved
  • System logs or screenshots showing correction request portal or process
  • Training records demonstrating staff awareness of accuracy obligations
  • Audit trail or change log showing corrections applied to personal data records
  • Data validation rules or configuration in your systems preventing inaccurate entry

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates data subject correction request workflows, tracks correction timelines, and schedules periodic accuracy audits across your data inventory—eliminating manual tracking and ensuring you meet GDPR A5-04 deadlines consistently.

See how GRCWatch handles this control automatically

Start free trial

Related controls

GDPR A5-01 — Lawfulness, Fairness, TransparencyGDPR A5-02 — Purpose LimitationGDPR A5-03 — Data MinimizationGDPR A6 — Lawful BasisGDPR A16 — Right to RectificationGDPR A17 — Right to Erasure