Small businesses can follow a six-step guide from the UK DPA (Information Commissioner’s Office or ICO) on handling their data protection complaints.
This manual was created by the ICO to assist small businesses in responding to complaints regarding the usage of customers’ personal information. You’ll also find it helpful if you run a small charity, group, club, or small business.
Step one – Acknowledge
Inform the customer that you have received their data privacy complaint and are reviewing it as soon as you can. Include details in your response on what you’ll do at each phase. Give them a point of contact and let them know when they can anticipate more information from you.
For instance, if you have a complaints procedure, you could offer them a link to it.
ICO Tip! Information on how people can file complaints regarding data protection, how you’ll address them, and how long it will take may be included in an acceptable complaints procedure.
Step two – Investigate
Any issues regarding data protection should be resolved as quickly as possible. Initially, try to learn as much as you can. You must gather all the relevant data as completely, fairly, and accurately as you can. Ask your customer for more details if you need to. Make sure to cross-reference your data with the specifics of their complaint.
You’ll be in a better position to solve the issue the more you comprehend it.
Step three – Update
Follow up on your initial response if the investigation is expected to take some time. Inform them, so they are aware of your efforts to fix the problem. When feasible, speak plainly rather than using technical or legal vocabulary.
People will feel more trusted if you keep them well-informed, and if everyone is aware of what to expect, everything will go more easily.
Step four – Record
Keep track of when you got the data protection complaint and when you are required to respond.
Keep a record of all important conversations and copies of any relevant paperwork, including the reasoning behind your decisions and any actions you take—or don’t take—from beginning to end. Additionally, it will offer proof of your actions that the ICO or other industry organizations may require in the future.
Image source from ICO.org.uk
Step five – Respond
Once your research is complete, inform the subject of the results. Indicate exactly what you did to address the data protection issue and any subsequent steps you took. Give them enough details so they can see how you arrived at your conclusion. It may be helpful to list the areas of concern in bullet points and address each one, when possible, by including relevant proof.
Additionally, you must inform the complainant of their right to file a complaint with the ICO.
ICO tip! Keep your terminology simple, precise, and clear. This will assist in conveying your message to your client and aid in preventing any misconceptions. Give your consumer your contact information so that they can, if necessary, ask more questions.
Step six – Reflect!
After you’ve addressed the complainant, use the time to reflect on what occurred. Ask yourself whether there is anything you can learn or do better to stop complaints in the future. If you frequently notice a high volume of complaints in comparable areas, a suitable tweak can make a world of difference.