The Draft ICO Complaints Guidance: What’s Changing

🕑 Estimated read time: 2 minutes - Friday 26th September 2025

The ICO is currently consulting on draft changes that would require organisations to take on more responsibility for internal complaint resolution before issues escalate. Under the new rules, individuals would have a right to complain directly to controllers (not just to the ICO) under the Data (Use and Access) Act, and organisations must have transparent, effective procedures in place.

This is designed to reduce the burden on the ICO and ensure that data protection complaints are resolved closer to the source.

Who This Affects

- Organisations of all sizes that process personal data
- Charities, schools, SMEs, or tech ventures facing DSARs / data requests / complaints
- Organisations with volunteer programs, customer data, or public-facing services

Key Changes Proposed & Why They Matter

- Controllers must offer a mechanism to accept complaints, acknowledge them, investigate, and inform complainants of outcomes.
- Complaints handling will need to be formalised, documented, and measurable.
- This builds accountability before the ICO gets involved, helping regulators focus on the most serious cases.

What You Should Do Before the Consultation Closes

1. Review your existing complaints / DSAR / feedback processes.
2. Map whether they meet the proposed standards (acknowledgement, timeframes, feedback loops).
3. Prepare to update your policies and procedure documents.
4. Consider responding to the ICO consultation (deadline mid‑October).
5. Train staff who handle data requests or complaints so they know the new expectations.

Final Thought

The shift toward more internal accountability is not about burdening organisations — it’s about building trust and resolving issues early. Organisations that get this right ahead of time will gain credibility with regulators and stakeholders.

📩 DM me if you’d like a quick audit of your complaints process — or visit mediajemcompliance.com / email info@mediajemcompliance.com to explore compliance support.