PRIV- 5 Personal Data Update Notification

What is this control about?

Implementing the control ‘Personal Data Update Notification’ is crucial for organizations that handle personal data because it helps ensure the accuracy and integrity of the data they possess. This control involves notifying individuals when their personal information undergoes any updates or changes. When individuals are promptly informed about updates to their personal data, they can review the changes and verify their accuracy.

Available tools in the marketplace

Tools:

N/A

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• Personal Data Update Notification Form Template

Control implementation

Here are some guidelines to implement a Personal Data Update Notification Tracking program:

• Identify Personal Data Fields: Work with the data privacy and business teams to identify the personal data fields that require update notifications. These could include contact information, account details, preferences, or any other sensitive information that individuals may need to be informed about.
• Determine Notification Triggers: Define the events or actions that will trigger a data update notification. For example, a notification may be triggered when an individual updates their email address, phone number, or changes their communication preferences.
• Select Notification Channels: Determine the appropriate notification channels for sending updates to individuals. Common channels include email, SMS, in-app notifications, or postal mail. Consider the preferences of data subjects and comply with relevant data protection regulations.
• Configure Data Update Workflow: Design a workflow that manages data updates and triggers the notification process. This could involve integrating the data update function with existing systems, such as customer relationship management (CRM) software or identity and access management (IAM) solutions.
• Create Personalized Notifications: Develop notification templates that address individuals by name and provide clear information about the data change. Personalized notifications increase user trust and help to avoid confusion about the update.
• Implement Consent Mechanism: Ensure that individuals have provided consent to receive data update notifications. This is essential to comply with data protection regulations and avoid sending unsolicited communications.
• Test Notification Process: Conduct thorough testing of the notification process to ensure that updates trigger the correct notifications and are delivered through the chosen channels. Test various scenarios to identify and address any potential issues.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. An example of notification templates
2. An example of a data notification to an affected individual.

Evidence example

For the suggested action, an example is provided below:

• An example of notification templates

Use this Personal Data Update Notification Form Template

• An example of a data notification to an affected individual

This will be the above, but fully signed by both parties.