Data protection complaints process for small businesses
A good process is not complicated. It needs to be clear enough for customers or clients and practical enough for you to use when a complaint arrives.
What is a data protection complaint?
A data protection complaint is a concern about how a business handles personal data. It might relate to privacy, access, accuracy, retention, security, marketing, or how a request was handled.
What should your public wording say?
Your website or privacy policy should tell people how to complain, what information to include, when they should expect an acknowledgement, and how the complaint will be reviewed.
What should your internal process include?
Keep a short written procedure that explains who reviews complaints, how you record them, how you investigate, how you update the person, and how you record the outcome.
Why does the complaint log matter?
If a complaint escalates, your log helps show what arrived, when you acknowledged it, what you reviewed, what outcome you sent, and when the matter was closed.
