~3 page information security policy template on handling privacy complaints.
 
The organisation is obliged to take privacy-related complaints, enquiries and incident reports seriously, investigate them properly and address them appropriately in compliance with applicable laws and regulations, plus ethical considerations. This brief policy explains how.
 
Complaints handling is often neglected, even by organizations that take privacy seriously.  There are explicit requirements in GDPR, for instance, about handling privacy complaints, enquiries and personal information requests. Complainants and the authorities naturally anticipate a thorough investigation and appropriate, timely, professional response. Mishandling a complaint can lead to regulatory and customer relations issues, harming the brand. Conversely, sensitive, efficient and effective handling can turn a difficult situation around: it is an opportunity to shine. 
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.