Make a Complaint

Individuals are at the heart of data protection legislation. The Law contains legal rights and responsibilities and specifically aims to strengthen individuals’ rights.

In addition to your 10 rights, local entities who decide how your personal data is used must adhere to these seven principles outlined in our local data protection legislation.

If you feel your rights (or someone else’s) are not being respected, in the first instance this is what you need to do:

Contact the entity (the organisation or person) who you think may be mis-using personal data, in writing, and explain to them which of your 10 rights you want to exercise, where appropriate. Make sure you keep a copy of your letter. Remember that whilst you can make this request – they may be able to refuse it whilst still acting within the Law (by relying on exemptions) but they should tell you their reasons for refusing. In this circumstance we can assist you in understanding why, and whether there are other legal routes open to you.
If you do not receive a response to your letter within 1 month, chase them up. If they still don’t respond we can chase them for a response, where appropriate, and highlight their legal responsibilities.
If you receive a response that you are happy with, no further action is needed from any party.
If you are not satisfied with the response and you are able to:
- Provide evidence of your concerns, and
- Provide evidence that you have sought to resolve this with the entity directly, you can lodge a formal complaint with us.

The act of lodging a complaint enables us to conduct an investigation under Section 68 of our local data protection law using our powers as defined in Schedule 7, where needed. If you have evidence that you’ve already raised your concern and you’re not happy with the response, we may be able to help you.

Please contact us if you have any questions about this.

Make a Complaint

Stay informed

Follow the ODPA

Stay informed

Follow Us