Privacy Rights Guidance

Logging and tracking requests

Your organisation logs receipt of all verbal and written requests from individuals and updates the log to track the handling of each request.

Logging and tracking requests

Resources

You have appropriate resources in place to handle requests from individuals about their personal information.

Resources

Errors or Omissions

Your organisation has appropriate systems and procedures to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary.

Errors or Omissions

Timely responses

You deal with requests from individuals in a timely manner that meets individual expectations and statutory timescales.

Timely responses

Monitoring and evaluating performance

Your organisation monitors how your staff handle requests and you use that information to make improvements.

Monitoring and evaluating performance

Informing individuals & identifying requests

You inform individuals about their rights and all team members are aware of how to identify and deal with both verbal and written requests.

Informing individuals & identifying requests

Privacy Concerns & Complaints

Your organisation has procedures to recognise and respond to individuals' complaints about information privacy & protection, and individuals are made aware of their right to complain.

Privacy Concerns & Complaints

Data portability

Individuals are able to move, copy or transfer their personal information from your organisation to another securely, without affecting the data.

Data portability

Restriction

Your organisation has appropriate methods and procedures in place to restrict the processing of personal information, if required.

Restriction

Erasure

You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.

Erasure

Rights related to automated decision-making and profiling

Your organisation can protect individual rights related to automated decision-making and profiling, particularly where the processing is solely automated with legal or similarly significant effects.

Rights related to automated decision-making and profiling