Article 19 of the GDPR: Obligation to notify in the event of rectification or erasure of personal data or limitation of processing
Article 19 of the GDPR explained
Where personal data has been rectified, erased or is subject to limitation (under Articles 16, 17 and 18), the controller must notify each recipient to whom the data was communicated.
He must also inform the person concerned from these recipients, if requested.
Why is this article important for your GDPR compliance?
This article ensures a consistency in updating or deleting data, even when shared with third parties. It is crucial to prevent recipients from continuing to process outdated or non-compliant data.
How to comply with Article 19 of the GDPR?
- Hold one clear register of recipients to whom you transmit personal data.
- Automate notifications when rectified, deleted or limited.
- Inform data subjects of third parties who have received their data upon simple request.
- Keep proof of notifications sent.
Examples of application of Article 19 of the GDPR
- A company rectifies an error in a customer's data and notifies its marketing subcontractors.
- After deleting a user profile, the email provider is also notified to update its files.
- An employee asks to know which HR departments were informed of the change in his last name.
Related Resources
Accelerate your compliance in just a few clicks
- Automate your compliance with our GDPR software
- Supported or outsourced by our DPO experts
- Raise awareness among your teams with our GDPR training e-learning
👉 Request a demo with an expert
⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis:
