For Everyone

For Members

Join from £15/year

About Us

What we stand for

Our Networks

Data Protection Complaints

New rules for data protection complaint handling come into force on 19th June 2026. This follows the changes made in the Data Use and Access Act (DUAA) 2025.

 

What is a data protection complaint?

Data protection complaints are not the same as the Federal Complaints Process, which adjudicates internal disputes against members of the Party. 

Data protection complaints cover:

  • Misuse or unlawful sharing/processing of personal data inc. direct mail 
  • Mishandling of statutory data rights
  • Dissatisfaction related to the processing of Subject Access Requests (SARs)
  • Data accuracy failures or breaches of retention timelines
  • Potential personal data breaches
  • Privacy & Electronic Communication Regulations (PECR) violations re: marketing

 

How does the Party receive these types of complaints?

Complainants are not required to use specific technical language or a formal form. They can be submitted via various channels which may include:

  • Email: Directly to data.protection@libdems.org.uk 
  • Standards Officer: Complaints received via the Party’s formal complaints process, which are then shared with the HQ Data Protection Team
  • Post: First Floor, 66 Buckingham Gate, London, SW1E 6AU
  • Verbal: Complaints via phone; staff / volunteers must log immediately and forward to data.protection@libdems.org.uk
  • Local Party or Organisation (AO): Complaint received locally and assigned to HQ Data Protection Team
  • Pre-existing contact forms: Other available Typeforms on the Website
  • HQ Teams: Complainant raises concerns with another HQ department

 

What is the process for handling these complaints?

The HQ Data Protection Team processes these complaints in line with the new ICO guidance which requires us to formally acknowledge a data protection complaint within 30 days, investigate and respond without undue delay and maintain an internal log of the complaints.

 

What happens if someone is unhappy with the outcome of the investigation?

  • Internal Review: If the complainant is dissatisfied with the initial response, a review should be conducted and may require escalation to a different member of staff. This will depend on the nature of the complaint and may not be necessary in every circumstance.
  • ICO Escalation: Complainants have a statutory right to escalate their concern to the Information Commissioner’s Office (ICO) if the internal process does not resolve the issue or if we fail to respond within a reasonable period. Individuals are generally expected to complete our internal process before approaching the regulator.
    • ICO Website: ico.org.uk
    • ICO Helpline: 0303 123 1113

 

What changes have we made to remain compliant with the new guidance?

The HQ Data Protection Team already has a process in place for data protection complaints. We have reviewed this against the new ICO guidance and updated the Party’s policy and procedures where necessary. This includes more signposting on relevant Party webpages to make it easier for individuals to know where to direct any complaints if they’re unhappy with the way their personal data has been handled.

 

What does this mean for party organisations?

You do not need to do anything different to what you already do with data protection complaints. Please continue forwarding them to data.protection@libdems.org.uk as soon as possible.
We have 30 days to acknowledge a data protection complaint and then investigate and respond without undue delay.

 

If you have any questions about the above, please email data.protection@libdems.org.uk 

This website uses cookies

Please select the types of cookies you want to allow.