If you are concerned that your data protection rights have not been respected and have not managed to resolve the matter with the organisation involved, you can make a complaint to us.
Individuals are at the heart of data protection legislation. The Law contains legal rights and responsibilities and specifically aims to strengthen individuals’ rights.
In addition to your 10 rights, local entities who decide how your personal data is used must adhere to these seven principles outlined in our local data protection legislation.
If you feel your rights (or someone else’s) are not being respected, in the first instance this is what you need to do:
Contact the entity (the organisation or person) who you think may be mis-using personal data, in writing, and explain to them which of your 10 rights you want to exercise, where appropriate. Make sure you keep a copy of your letter. Remember that whilst you can make this request – they may be able to refuse it whilst still acting within theLaw (by relying on exemptions) but they should tell you their reasons for refusing. In this circumstance we can assist you in understanding why, and whether there are other legal routes open to you.
If you do not receive a response to your letter within 1 month, chase them up. If they still don’t respond we can chase them for a response, where appropriate, and highlight their legal responsibilities.
If you receive a response that you are happy with, no further action is needed from any party.
If you are not satisfied with the response and you are able to:
- Provide evidence of your concerns, and
- Provide evidence that you have sought to resolve this with the entity directly, you can lodge a formal complaint with us.
The act of lodging a complaint enables us to conduct an investigation under Section 68 of our local data protection law using our powers as defined in Schedule 7, where needed. If you have evidence that you’ve already raised your concern and you’re not happy with the response, we may be able to help you.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance