GDPR Made Clear: Accuracy

October 31st 2025

GDPR Accuracy Principle for Cultural Organisations

When it comes to personal data, accuracy isn’t optional – it’s a legal requirement. Under UK GDPR, cultural organisations must take reasonable steps to ensure the data they hold is correct, up to date, and not misleading. That means:

  • Checking the accuracy of data you collect
  • Recording where it came from
  • Updating it when needed
  • Correcting or deleting it if it’s wrong

What Does ‘Accurate’ Mean?

The law defines inaccurate data as anything “incorrect or misleading as to any matter of fact.” That includes outdated addresses, misrecorded job titles, or assumptions presented as facts. But it doesn’t mean rewriting history – a record showing someone used to live in Manchester is still accurate, even if they’ve moved.

What About Mistakes?

Mistakes happen – and sometimes you need to keep a record of them. If a penalty was issued and later cancelled, the record should reflect both events. The key is clarity: make sure it’s obvious that an error occurred and was corrected.

What About Opinions?

Opinions aren’t facts, but they still count as personal data. To meet the GDPR accuracy principle, cultural organisations should:

  • Clearly label opinions as such
  • Record whose opinion it is
  • Note if the opinion was based on incorrect data

If someone challenges an opinion, it’s good practice to record their objection – even if you don’t agree.

A Word of Warning

If your organisation receives a subject access request, those recorded opinions may need to be disclosed. Make sure staff understand the risks of recording subjective views, and keep documentation factual, fair, and necessary.

Does Data Always Need To Be Up-To-Date?

Not always. It depends on what you’re using it for. If you’re sending out tickets or paying staff, yes – you need current data. But if you’re keeping records for research or archiving, updating might defeat the purpose. Use common sense, and consider the privacy risks.

What Counts As ‘Reasonable Steps’?

That depends on the context. If the data could affect someone’s job, health, or finances, you need to be thorough. That might mean verifying qualifications, checking references, or confirming addresses. If you’re relying on third-party data, record the source and be ready to correct it if challenged.

What If Someone Says Their Data Is Wrong?

You must take it seriously. Individuals have the right to have inaccurate data corrected. You’re expected to act promptly – and you must respond within one calendar month. Sometimes that means updating the record. Sometimes it means deleting it. Either way, you need a clear process for handling challenges.

Final Thoughts

Accuracy isn’t about perfection – it’s about responsibility. For cultural organisations, that means making sure the data you hold reflects reality, is fit for purpose, and can be trusted by the people it’s about. It’s not just a legal requirement – it’s a matter of respect, transparency, and good practice.

What’s Next?

Next in our GDPR seven principles series is Storage Limitation – a principle that focuses on how long personal data should be kept and when it’s time to securely dispose of it. We’ll look at what the UK GDPR says about retention, how to set appropriate timeframes, and why less really can be more when it comes to data storage.

Get In Touch

If you’re a cultural organisation looking for tailored support, plain English policies, or practical training that empowers your team, we’d love to help. Get in touch for a free 30-minute consultation.

Leave a Reply