Elaboration and Developing Privacy Policy Guideline — Ninth: Complaint and Objection Filing Mechanism says that controllers must provide Data Subjects with a clear, accessible way to file complaints or objections, especially when their rights have not been fulfilled. The process should identify the responsible department, response timelines, and how to escalate to the Competent Authority if needed.
Ninth: Complaint and Objection Filing Mechanism
The Controller shall provide a mechanism for filing complaints and objections if there is a complaint by Data Subjects, such as failure to enable them to exercise their rights related to the processing of Personal Data within the period specified in the Clause (Eighth) above, or if there are objections to processing. This can be made by determining the name of the department or division involved in receiving and processing complaints, its contact details, and the period specified for processing such complaints, in addition to providing information about the Competent Authority in the event of Data Subjects’ dissatisfaction with the results of complaint processing by the Controller.
Explanation of Ninth: Complaint and Objection Filing Mechanism
Clear process:
Elaboration and Developing Privacy Policy Guideline — Ninth: Complaint and Objection Filing Mechanism requires Controllers to designate a department or unit responsible for receiving and handling complaints or objections and to include contact information such as email or phone number.
When to expect reply:
Elaboration and Developing Privacy Policy Guideline — Ninth: Complaint and Objection Filing Mechanism instructs Controllers to specify how long it takes to process complaints, particularly those related to the exercise of data subject rights.
If not resolved:
Elaboration and Developing Privacy Policy Guideline — Ninth: Complaint and Objection Filing Mechanism mandates that privacy policies must inform Data Subjects about their right to escalate unresolved complaints to the Competent Authority (SDAIA).
