My Account

Data protection complaints procedure

Complaints regarding data protection matters should be addressed to the Data Protection Officer at

Examples of such complaints might include concerns that personal data has not been handled securely; that information has not been obtained fairly; difficulties in accessing your personal information; or that personal data had been retained for longer than was necessary.

We will not usually investigate concerns where there has been an undue delay in bringing the matter to our attention. You should raise your concerns with us within three months of your last meaningful contact with the Council.

Your complaint will usually be considered by the Information Governance Manager (unless the complaint is about that officer in which case it will be referred direct to the Data Protection Officer). The Information Governance Manager will:

  1. Log your complaint and acknowledge receipt
  2. Undertake any necessary investigations and respond direct to you within 20 working days. Where it is not possible to meet the 20 day deadline, you will be advised and an alternative timescale notified

In the case of a serious complaint, the Information Governance Manager may refer the complaint to the Council’s Data Protection Officer to consider, following the same process.

If your complaint also involves a service delivery issue that does not relate to data protection, that element of your complaint will be dealt with separately through the Council's Corporate Complaints procedures.

If you are not satisfied with the response to your complaint, you may raise the matter with the Information Commissioner’s Office (ICO). The ICO is the UK regulatory body for data protection matters. Read about how the ICO handles data protection complaints.

Updated: 06 October 2022

Stay up to date! Make sure you subscribe to our email updates.