Article 16
Right to rectification
(25) Whereas the principles of protection must be reflected, on the one hand, in the obligations imposed on persons, public authorities, enterprises, agencies or other bodies responsible for processing, in particular regarding data quality, technical security, notification to the supervisory authority, and the circumstances under which processing can be carried out, and, on the other hand, in the right conferred on individuals, the data on whom are the subject of processing, to be informed that processing is taking place, to consult the data, to request corrections and even to object to processing in certain circumstances;
Regulation
Art. 16 The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. |
Directive
Art. 12 Member States shall guarantee every data subject the right to obtain from the controller: (a) without constraint at reasonable intervals and without excessive delay or expense: - confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed, - communication to him in an intelligible form of the data undergoing processing and of any available information as to their source, - knowledge of the logic involved in any automatic processing of data concerning him at least in the case of the automated decisions referred to in Article 15 (1); (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data; (c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort. |
Serbia
|
Austria
In force until May 25, 2018: Right to Rectification and Erasure § 27 DSG 2000 (1) Every controller shall rectify or erase data that are incorrect or have been processed contrary to the provisions of this federal law. 1. on his own, as soon the incorrectness of the data or the inadmissibility of the processing becomes known to him, or 2. on a well-founded application by the data subject. The obligation to rectify data according to sub-para. 1 shall apply only to those data whose correctness is significant for the purpose of the data application. The incompleteness of data shall only justify a claim to rectification if the incorrectness, with regard to the purpose of the data application, results in the entire information being incorrect. As soon as data are no longer needed for the purpose of the data application, they shall be regarded as illegally processed data and shall be erased unless their archiving is legally permitted and unless the access to these data is specially secured. Any further use for another purpose shall be legitimate only if a transmission of the data for this purpose is legitimate; the legitimacy of further uses for scientific or statistical purposes is laid down in §§ 46 and 47. (2) It shall be the obligation of the controller to prove that the data are correct unless specifically provided otherwise by law insofar as the data have not been collected exclusively based on statements made by the data subject. (3) No rectification or erasure of data is possible insofar as the documentation purpose of a data application does not permit later changes. In such case, the necessary rectifications shall be effected by means of additional comments. (4) The application for rectification or erasure shall be complied with within eight weeks after receipt and the applicant shall be informed thereof, or a reason in writing shall be given why the requested erasure or rectification was not carried out. (5) In the areas of the executive responsible for the fields described in § 26 para. 2 sub paras. 1 to 5, the following procedure shall be applied to applications for rectification or erasure, insofar as this is required to safeguard those public interests that require secrecy: The rectification or erasure shall be carried out if the demands of the data subject are justified in the opinion of the controller. The required information pursuant to para. 4 shall in all cases be that a check of the data files of the controller with regard to the application for rectification or erasure has been performed. The legality of this course of action is subject to review by the Data Protection Authority according to § 30 para. 3 and the special complaint proceeding before the Data Protection Authority pursuant to § 31 para. 4. (6) If the erasure or rectification of data kept solely on media readable by means of automatic processing systems can be carried out only at specific times for economic reasons, the data to be erased shall be kept inaccessible and a correcting remark shall be attached the data that are to be corrected. (7) If data are used whose correctness is disputed by the data subject, and if neither their correctness nor incorrectness can be established, an entry about the dispute shall be attached upon request by the data subject. The entry about the dispute shall be erased only with the consent of the data subject or on grounds of a decision of the competent court of law or of the Data Protection Authority. (8) If data that were rectified or erased in terms of para. 1 were transmitted before having been rectified or erased, the controller shall inform the recipient of the data by appropriate means, insofar as this does not constitute an unreasonable effort, in particular with regard to a legitimate interest in the information, and that the recipient can still be determined. (9) The provisions of para. 1 to 8 shall be applied to the criminal records, kept according to the Criminal Records Act 1968 as well as to public books and registers kept by public sector controllers only insofar as 1. the obligation to rectification and erasure ex officio or 2. the procedure to assert and the competence to decide applications to rectification and erasure of data subjects is not regulated otherwise by federal law. |