Data Protection Complaints

Introduction

This page sets out how to make a complaint about how East Anglian Chambers (EAC) has handled personal data, how the complaint is handled and when to expect a response. It is intended for individuals whose personal information has been processed by EAC. Information on the type of data we collect and how can be found on our Privacy Notice.

East Anglian Chambers strives to handle personal data as carefully and securely as possible, in a lawful, fair and transparent manner.

What the law says

East Anglian Chambers is required to have a data protection complaints procedure, as set out in the Data (Use and Access) Act 2025 (DUAA), which amended the UK GDPR and the Data Protection Act 2018 (DPA). This requirement came into force on 19 June 2026. This requires EAC to:

  • Provide a clear way for individuals to make a complaint,
  • Acknowledge receipt of a complaint within 30 days,
  • Take appropriate steps to respond to complaints, notifying with updates and the outcome of complaints without undue delay.

When to use the Date Protection Complaints procedure

This procedure should be instigated by an individual who considers that EAC may have infringed data protection legislation due to the way their personal data has been handled. This covers complaints about:

  • how EAC dealt with a request made under the Data Protection Act 2018,
  • EAC’s security measures used for storing and protecting personal data,
  • how EAC has processed (collected, used, stored, shared or deleted) personal information,
  • the accuracy of personal data EAC holds,
  • any other matter relating to data protection.

Making a complaint

Where to send a complaint

Complaints can be sent by email to our Data Protection Officer on dataprotection@ealaw.co.uk, or in letter by post to:
Data Protection Officer
East Anglian Chambers
5 Museum Street
Ipswich
IP1 1HQ

Time Limits

Please be aware that EAC will only consider a Data Protection complaint within six months of the matter being complained about. Complaints made after six months will be considered out of time, unless there are exceptional circumstances such as the individual learning of the matter after six months after it occurred.

Information to provide with your complaint

Please provide as much detail as possible along with your complaint such as: your name contact details, what the issue is and what personal data is involved, relevant dates, copies of any relevant correspondence/documents, and the outcome that is sought. This will help us understand what you are complaining about and why, and help us investigate as fully and swiftly as possible.

We may need to ask for proof of identity from the complainant before we can investigate. If so, we will request it as the soonest opportunity.

Making a complaint on someone else’s behalf

A complaint can be lodged by an individual (or organisation) acting on someone else’s behalf, for example a family member, professional representative or an advocate or advocacy service. In these instances, we must check that the individual or organisation making the complaint has authority to do so, and may require evidence such as a signed letter of authority from the person being acted on behalf of, or a relevant power of attorney. Without appropriate evidence, EAC will not investigate the complaint.

Acknowledging, investigating, and responding to complaints

EAC endeavours to acknowledge receipt of a Data Protection Complaint within five working days of receiving it.

The complaint will be investigated, and we will endeavour to provide an outcome within one calendar month. Throughout the course of the investigation we may contact the complainant to request further information or clarity, and will provide updates on the progress of the investigation where possible. We may need additional time to provide an outcome in complex complaints, or where there are delays for any unforeseen reason. In these instances, we will inform the complainant and endeavour to provide realistic timescale.

Outcomes

Once the investigation into a complaint has been completed, the outcome will be provided to the complainant as soon as practicable. The outcome document will set out:

  • what has been investigated,
  • what information has been relied upon to complete the investigation,
  • what our findings are,
  • whether the complaint has been upheld in part or in full,
  • what action (if any) will be taken,
  • what further steps (if any) are available to the complainant.

Potential actions that EAC may take, in the event a complaint is upheld, may include: offering an apology, correcting inaccurate data, amending policies or processes, improving security measures, training, or any further action that is deemed appropriate and proportionate.

Dissatisfaction with the outcome or handling of the complaint

If the complainant feels that EAC have not handled the Data Protection Complaint appropriately, or is unhappy with the outcome of the investigation, the next course of action available is to refer the matter to the Information Commissioner’s Office (ICO). The ICO is the UK regulator for data protection and information rights. They can be contacted via the below methods:

Website: https://ico.org.uk/makeacomplaint/

Telephone: 0303 123 1113

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Record keeping and continual improvement

Records of all Data Protection Complaints will be retained in line with our retention policy. The records will contain issues raised, what steps and decisions EAC made, communication with the complainant, and any action that was taken. We will use the records to help identify improvements to be implemented regarding handling of personal data, compliance, and data security.

This procedure will be reviewed periodically and updated where improvements have been identified and implemented, the law or guidance changes, or any other relevant changes arise.

East Anglian Chambers
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.