The organization must establish a clear and documented process for receiving, assessing, and resolving complaints related to personal data handling or privacy violations.

• Complaints must be submitted through defined and easily accessible channels within 90 days of the incident or the date the individual became aware of it.
• Late submissions may be accepted when a valid reason for the delay is provided and documented.
• Each complaint must include essential details such as contact information, a description of the alleged violation, and supporting evidence.
• All complaints must be promptly reviewed and handled in a consistent, transparent, and fair manner.
• Every complaint should be logged in a dedicated register to ensure proper tracking, investigation, and resolution.
• The organization must coordinate with the competent authority as required, ensuring compliance with all applicable legal procedures and timelines.

Dokumentoi kaikki vastaanotetut yksityisyyden suojaa koskevat valitukset, mukaan lukien kunkin valituksen yksityiskohdat, valituksen tutkimiseksi toteutetut toimet, havainnot sekä lopullinen ratkaisu tai käsittely.

Osoita myös prosessi, jonka avulla yksilöt voivat tehdä valituksia.