This blog is for any small organisation looking for simple tips on how to handle data protection complaints.
If you’re dealing with an active data protection complaint, read our simple guide on how to deal with data protection complaints as a small business.
1. Keep good records
Keeping your records up to date and organised will help you find all the information you need quickly and efficiently.
2. Write a data complaints procedure
Tell staff how to handle a complaint, such as by writing down the different steps in a simple guide. This should include what they need to record and who to notify if someone has complained.
3. Create a template
It’s helpful to create a template letter or email for your acknowledgment and complaint responses. Although you should still adapt the content to suit the issue, a template means you can respond quickly and consistently. Regularly review this template to make sure it still fits your needs.
4. Train your staff (if you have any)
Reduce the likelihood of receiving complaints by training your staff to recognise information rights requests and handle personal data correctly. You also need to check your staff know what to do when someone makes a data protection complaint. This will help things to run smoothly when you’re not there.
5. Review feedback
Regularly review feedback and complaints that customers send you. This will help you understand how to improve your services for the future and avoid repeating any mistakes.
Example
For example, Amit is a solicitor. He receives a complaint from Jodie about information missing from his response to her recent subject access request.
Amit acknowledges Jodie’s complaint and investigates it. He finds out the information was missing from the response because the relevant file was in Jodie’s birth name, which she’s since changed.
Amit replies with the missing information and a clear explanation about why he didn’t provide it previously. He tells Jodie what action she can take if she remains unhappy with his response. Amit also decides that checking people’s identity at an early stage, including name changes and spelling verification, would help to avoid similar complaints in the future.
Also see:
- Your beginner's guide to data protection
- 11 practical ways to keep your IT systems safe and secure
- Four simple ways to make your next subject access request easier to handle
- What are some of the most common data protection complaints the ICO receives about small businesses?
- What data protection training should I give to my staff, and how often?