ARTICLE
29 April 2014

Data Protection Complaints – ICO Issues New Guidance

CR
Charles Russell Speechlys LLP

Contributor

Charles Russell Speechlys LLP logo

We are an international law firm with a focus on private capital, at the intersection of personal, family and business. We have a broad range of skills and collective legal expertise and experience with an international outlook across the full spectrum of business and personal needs. Our firm is headquartered in London with offices across the UK, Europe, Asia and the Middle East. Whether your business operates in a single country or across borders, we’ll put together your perfect team – pulling from our sector and geographical expertise and our partnerships with the best law firms across the world covering 200 legal jurisdictions.

Explore Firm Details
The Information Commissioner’s Office has published new guidance on complaint handling, in its capacity as the data protection regulator.
United Kingdom Privacy
Amanda Bursk

Following a public consultation at the end of 2013, the Information Commissioner's Office (ICO) has published new guidance on complaint handling, in its capacity as the data protection regulator.

The ICO had expressed concern that the number of customers asking it for advice has increased every year. In 2012/2013 it dealt with just over 40,000 written enquiries about data protection and nearly 214,000 phone calls from individuals, however the ICO assessed that only 35% of the complaints dealt with involved a breach of legislation.

The new guide highlights that data controllers are expected to respond to complaints by individuals in the first instance and must clarify how they have processed the individual's personal information and explain how they will put right anything that has gone wrong. Therefore the emphasis is that data controllers should try to resolve more issues themselves before the ICO is involved, however consumers can still refer a case to the ICO if they are not satisfied that their complaint has been dealt with adequately by the data controller. Individuals will be required to produce copies of documents evidencing their concern, together with their relevant correspondence with the data controller. The data controller will be expected to provide evidence of how they have tried to deal with the concern and this evidence will be used by the ICO to help it to judge the severity of a potential breach and whether it should pursue enforcement action. The ICO has said that it will keep a record of the concerns raised about an organisation for future regulatory purposes.

The new guidance should aid the ICO to reduce its workload but the ICO has stated that it would provide more resources into cases where it believes that a decision will improve data protection practice.

The outcome of this new guidance is that data controllers will need to be vigilant when receiving a complaint from an individual about the processing of personal data as they will need to be able to provide evidence that they have adequate procedures in place for the handling of complaints, which are then carried out in a satisfactory manner and well documented.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Amanda Bursk
Amanda Bursk
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More