The ICO exists to empower you through information.

This blog is for any small organisation looking for simple tips on how to handle data protection complaints.

If you’re dealing with an active data protection complaint, read our simple guide on how to deal with data protection complaints as a small business.

1. Keep good records

Keeping your records up to date and organised will help you find all the information you need quickly and efficiently.

2. Write a data complaints procedure

Tell staff how to handle a complaint, such as by writing down the different steps in a simple guide. This should include what they need to record and who to notify if someone has complained.

3. Create a template

It’s helpful to create a template letter or email for your acknowledgment and complaint responses. Although you should still adapt the content to suit the issue, a template means you can respond quickly and consistently. Regularly review this template to make sure it still fits your needs.

4. Train your staff (if you have any)

Reduce the likelihood of receiving complaints by training your staff to recognise information rights requests and handle personal data correctly. You also need to check your staff know what to do when someone makes a data protection complaint. This will help things to run smoothly when you’re not there.

5. Review feedback

Regularly review feedback and complaints that customers send you. This will help you understand how to improve your services for the future and avoid repeating any mistakes.

Example

For example, Amit is a solicitor. He receives a complaint from Jodie about information missing from his response to her recent subject access request.

Amit acknowledges Jodie’s complaint and investigates it. He finds out the information was missing from the response because the relevant file was in Jodie’s birth name, which she’s since changed.

Amit replies with the missing information and a clear explanation about why he didn’t provide it previously. He tells Jodie what action she can take if she remains unhappy with his response. Amit also decides that checking people’s identity at an early stage, including name changes and spelling verification, would help to avoid similar complaints in the future.