What is Right to Restrict Processing?

The right to restriction of processing, established under Article 18 of the GDPR, allows data subjects to request that a controller limits its processing activities in specific circumstances: when the data subject contests the accuracy of the data (for a period enabling verification), when the processing is unlawful and the data subject opposes erasure, when the controller no longer needs the data but the data subject requires it for legal claims, or when the data subject has objected to processing pending verification of legitimate grounds.

When processing is restricted, the data may only be stored and not further processed without the data subject's consent, except for legal claims, protection of another person's rights, or important public interest reasons. Before the restriction is lifted, the controller must inform the data subject. The controller must also communicate the restriction to any recipients to whom the data has been disclosed.

ComplyIQ tracks restriction requests and ensures that restricted data is flagged across all processing systems. Integration with ProtectIQ enables technical enforcement of processing restrictions by applying access controls that prevent unauthorized use of restricted data while maintaining its storage.