The Controller is legally obliged to thoroughly check your data before any processing begins. They must ensure it is: 

• Accurate: Verified and error‑free, so decisions aren’t based on incorrect info 

• Completeness – Ensure all critical information is included. If essential fields (like contact details) are missing, the Controller must collect or complete them. 

• Timeliness – Keep the data up to date. Outdated entries (such as an old address) must be updated or flagged. 

• Relevance – Process only the data necessary for the stated purpose. Including unnecessary data is not permitted. 

These checks are critical, not an afterthought and must be documented via validation rules, audit logs, or data-governance reports to prove compliance

It is a continuous responsibility, which means: 

• Regular assessments must take place such as scheduled audits or automated system checks that flag outdated, incomplete, or irrelevant data. 

• Continuous monitoring should run alongside data processing to detect data quality issues in real time. 

• Documentation of reviews is required. Every assessment or corrective action must be recorded so the Controller can prove that data has been properly maintained and routinely validated.

Article 14 specifies clear corrective steps: 

• Correct or complete – If data is found to be inaccurate or missing key details, the Controller must promptly update it. 

• Exclude or delete – If data is irrelevant or no longer needed, it must be excluded from processing or permanently deleted. 

• Maintain a record – The Controller must log every change, detailing what was modified or removed, when it happened, why it was necessary, and who performed it. This creates an essential audit trail for compliance.