Data Protection Complaints Procedure
Light and Shade CCS is committed to protecting the privacy and personal data of all clients, staff, volunteers, and other individuals whose information we process. We take all data protection concerns and complaints seriously and aim to resolve them promptly, fairly, and transparently.
Making a Complaint
Any individual who believes that their personal data has been handled incorrectly, unlawfully, or in breach of data protection legislation may submit a complaint verbally or in writing to the Data Protection Lead or Practice Manager. In this case Joanne Gibson, the director and manager or the assistant manager Andrea Rabias.
The complaint should include:
- The individual’s name and contact details.
- A description of the data protection concern.
- Relevant dates and any supporting information or documentation.
- The outcome they are seeking, where appropriate.
Handling the Complaint
Upon receiving a complaint, we will: 1. Acknowledge receipt within five working days. 2. Record the complaint securely and confidentially. 3. Review the circumstances surrounding the concern, including any relevant records, policies, and procedures. 4. Speak with relevant staff members where necessary while maintaining confidentiality. 5. Assess whether there has been a breach of data protection legislation or organisational policy. 6. Identify any corrective actions required to resolve the issue and prevent recurrence.
Response
We aim to provide a written response within one calendar month of receiving the complaint. If the matter is particularly complex and requires additional time, we will inform the complainant of the reason for the delay and provide an updated timescale.
Our response will explain:
- The outcome of the investigation.
- Any findings.
- Any actions taken or proposed.
- Information about further options if the complainant remains dissatisfied.
Escalation
If the complainant is not satisfied with our response, they may request an internal review. They also have the right to raise their concerns with the UK’s Information Commissioner’s Office (ICO), the independent authority responsible for upholding information rights and enforcing data protection law.
Continuous Improvement
All data protection complaints are reviewed to identify opportunities to improve our policies, procedures, staff training, and information governance practices. Records of complaints are retained securely in accordance with our data retention policy.
“You are never too old to set another goal or to dream a new dream” By C.S.Lewis
