Data protection complaints

There is no requirement in the UK GDPR for organisations to deal with data protection complaints. The only complaint-handling obligations fall on the ICO. However, the ICO obviously considers it good practice for organisations to have complaints procedures, as it provides guidance on handling data protection complaints, including providing a data protection complaints process. The ICO’s Data protection complaints tool for data subjects indicates that the ICO will generally not deal with a complaint unless:

•
it has first been made to the relevant organisation, and
•
a period of 30 days has elapsed since the complaint was made

The right to complain

Data subjects have the right to lodge a complaint with the ICO, where they consider their personal data has been processed in a way that breaches the UK GDPR. They can also complain to the ICO via a not-for-profit body, organisation or association. The ICO is required to investigate complaints to the extent appropriate and inform the complainant of the progress and outcome of the investigation within a reasonable period.

There is no corresponding right to make a complaint to the data controller, ie to your

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Practice Compliance weekly highlights—21 November 2024

This week's edition of Practice Compliance weekly highlights includes: the latest financial sanctions updates, three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection, initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB), and new guidance from the SRA on internal investigations, together with a suite of guidance for in-house solicitors.

New Practice Compliance forecast as at 20 November 2024

Our new Practice Compliance forecast (as at 20 November 2024) is now live. This month we report on items including: (1) publication of the long-awaited government guidance on the failure to prevent fraud offence; (2) consultation by the Financial Action Task Force (FATF) on proposed changes to FATF Standards and updates to grey listing criteria by FATF to increase focus on risk; (3) Transparency proposals and future Scheme Rules changes by the Legal Ombudsman (LeO), and (4) SRA consultation on the publication of regulatory decisions, updates to financial penalty regime and client money in legal services.