And Dreams Digital Logo Get A Quote

How do I File a GDPR Complaint

HomeGDPRHow do I File a GDPR Complaint
How do I File a GDPR Complaint
  • March 14, 2023
  • GDPR
  • 5mins read

National Data Protection Authorities commonly provide an online form on their website for submitting complaints. If you believe that your personal data has been mishandled by an organization, you can file a GDPR complaint. Here are the steps you can take:

1. Identify the Organization

First, identify the organization that you want to file a complaint against. This could be any organization that collects or processes your personal data, such as a website, a social media platform, or a company.

2. Contact the Organization

Before filing a complaint, try contacting the organization directly to see if they can address your concerns. You can usually find contact information on their website or in their privacy policy.

3. Contact the Data Protection Authority (DPA)

If the organization is not able to address your concerns or if you don’t receive a response, you can file a complaint with the Data Protection Authority in your country. You can find a list of DPAs in the EU on the European Data Protection Board’s website.

4. Provide Details of the Complaint

When filing a complaint, provide as much detail as possible about the organization’s handling of your personal data and how it violates GDPR regulations. You should include any relevant documentation or evidence that supports your complaint.

5. Follow Up

Once you file a complaint, the DPA will investigate the matter and may ask you for more information. It’s important to be responsive and provide any additional information that is requested.

Remember, you have the right to file a complaint under the GDPR, and organizations are required to take data protection seriously.

Response Time

Under the GDPR, companies have a maximum of one month to respond to a data subject’s request, including a complaint. This deadline can be extended by an additional two months if the request is complex or numerous, but the company must inform the data subject of the extension and explain the reasons for it within one month of receiving the request.

The deadline for companies to respond to data subject requests and complaints is outlined in Article 12 of the GDPR. Specifically, Article 12(3) states that “The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request.” The same timeframe applies to responding to complaints under the GDPR.

In the case of a complaint, the company should acknowledge receipt of the complaint as soon as possible and provide an initial response within one month. If the investigation into the complaint is likely to take longer than one month, the company should inform the data subject of the reasons for the delay and provide regular updates on the progress of the investigation.

What should I do when company does not response my request?

If a company does not respond to your GDPR-related email or request within the specified time frame, you have several options:

  1. Send a follow-up email: You can send a follow-up email to the company reminding them of your original request and the GDPR requirements for response time. Be sure to include any relevant reference numbers or documentation from your original request.
  2. Contact the company’s Data Protection Officer (DPO): Every company that processes personal data under GDPR is required to appoint a DPO. You can contact the DPO and explain your situation, and they may be able to help escalate your request within the organization.
  3. File a complaint with the Data Protection Authority (DPA): If the company continues to be unresponsive, you can file a complaint with the DPA in your country. The DPA will investigate the matter and may be able to help you get a response from the company.
  4. Seek legal advice: If your request is urgent and you believe the company is in violation of GDPR, you may want to consider seeking legal advice or representation. A lawyer who specializes in GDPR can help you understand your rights and options and may be able to help you resolve the issue more quickly.

You can also complain to the European Data Protection Board (EDPB) if you believe that an organization has violated the GDPR. The EDPB is an independent EU body that is responsible for ensuring consistent application of the GDPR across the EU.

To file a complaint with the EDPB, you can complete an online form on the EDPB’s website. You will need to provide information about the organization you are complaining about, the nature of your complaint, and any relevant evidence or documentation. The EDPB will review your complaint and may investigate the matter if they believe that the organization has violated the GDPR.

It’s important to note that the EDPB does not provide individual remedies or compensation. However, they can take action to enforce GDPR compliance and may work with national data protection authorities to resolve the issue.

You can find the online complaint form for the European Data Protection Board (EDPB) at the following link: https://edpb.europa.eu/about-edpb/board/members_en

Once you reach this page, click on the “Complaints” tab, and you will find information about how to file a complaint with the EDPB. You can also find additional information about the EDPB and its role in enforcing GDPR compliance on their website.

Sample E-mail

Subject: Request for information on GDPR compliance

Dear [Organization Name],

I am writing to request information about the protection of my personal data under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). I believe that your organization collects and processes my personal data, and I would like to know if you are compliant with GDPR regulations.

As a data subject under GDPR, I have the right to know how my personal data is being used and protected by your organization. Specifically, I would like to exercise my rights under Articles 15, 16, and 17 of the GDPR, and request the following information:

  • What personal data do you collect and process about me? (Article 15)
  • How do you use my personal data? (Article 15)
  • How do you protect my personal data from unauthorized access, disclosure, or misuse? (Article 32)
  • Do you share my personal data with third parties? If so, who are these third parties and for what purposes? (Article 15)
  • I would appreciate it if you could provide me with this information in writing, as soon as possible. Please note that under Article 12 of the GDPR, you are required to respond to this request without undue delay and in any event within one month of receipt of this request.

Thank you for your attention to this matter. If you require any further information from me to fulfill this request, please let me know.

Sincerely,

[Your Name]

Make a complaint, What should I do if I think that my personal data protection rights haven’t been respected?

Share :

Experienced founder with a demonstrated history of working in the advertisement industry. Skilled in Advertising, Social Media Marketing, Product Marketing, Photography, Post Production and Business Strategy. Strong business development professional graduated from computer engineering.

Related Post
  • August 16, 2023

Protecting Your Brand from Fraud

  • March 27, 2023

The Role of SOC 2 Audits

  • January 26, 2023

The ePrivacy Regulation

  • January 22, 2023

GDPR for Startups: A Practical Guide

  • January 3, 2023

Setting Up Newsletters for GDPR Compliance