Data protection complaints

Copyright © 2025 LexisNexis

There is no obligation for organisations to deal with data protection complaints and the right of complaint under the UK GDPR is to the Information Commissioner’s Office (ICO). However, the Data (Use and Access) Act 2025 will impose complaint-handling obligations on commercial organisations. In the meantime, guidance and tools published by the ICO make it clear that the ICO will not usually deal with a data protection complaint unless it has first been raised with the organisation to which the complaint relates.

The right to complain

Data subjects have the right to lodge a complaint with the ICO, where they consider their personal data has been processed in a way that breaches the UK GDPR. They can also complain to the ICO via a not-for-profit body, organisation or association. The ICO is required to investigate complaints to the extent appropriate and inform the complainant of the progress and outcome of the investigation within a reasonable period.

There is no corresponding right to make a complaint to the data controller, ie to your organisation. Any complaints process you introduce is therefore voluntary. However, The Data (Use and Access) Act 2025

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

Risk & Compliance weekly highlights—18 September 2025

This week's edition of Practice Compliance weekly highlights includes our new compliance forecast, OFSI’s annual frozen assets reporting notice for 2025, renewed pressure on the UK government to introduce cyber regulation reform, clarification from the ICO on myths surrounding storage and access technologies and the House of Commons’ rejection of House of Lords amendments to the Employment Rights Bill.

New Risk & Compliance forecast as at 16 September 2025

Our new Risk & Compliance forecast (as at 16 September 2025) is now live. This month we report on items including (1) the ICO’s guidance on smart data and data portability; (2) the EDPB consultation on guidelines regarding the interplay between the DSA and GDPR; (3) OFSI’s frozen assets reporting for 2025 and (4) the government’s 2025 sanctions perception survey.

House of Commons rejects latest House of Lords amendments to the ERB

On 15 September, the House of Commons overturned the amendments made by the House of Lords to the Employment Rights Bill (ERB) during the Third Reading. The Lords proposed a number of amendments, including: a six-month qualifying period to claim unfair dismissal, an right to request guaranteed hours, and a weakening of the provisions on fire and rehire. The House of Commons instead chose to reinstate the government’s original provisions.

UK government faces fresh pressure to introduce cyber regulation reform

MLex: UK companies are still awaiting the Cyber Security and Resilience Bill, as lawmakers this week renewed pressure on the government to introduce the legislation as soon as possible. The Bill is expected to align with Directive (EU) 2022/2555 (NIS 2 Directive) and to expand regulatory duties across critical sectors. But following a cabinet reshuffle, the government refused to give a timeline when questioned on 10 September 2025, saying only that it would be introduced ‘when parliamentary time allows’.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an