Complaints process and the DUAA

Posted by: Sarah - Posted on:

We set out here some of the requirements of the recently approved Data Use and Access Act (DUAA):

The Data Use and Access Act – N3i Information Governance

This post will specifically look at the requirement to manage Data Protection complaints.  If you don’t already do so, the DUAA requires you to take steps to help people who want to make complaints about how you use their personal information, such as providing an electronic complaints form. You also have to acknowledge complaints within 30 days and respond to them ‘without undue delay’.  

GP Practices can, if they wish, design a new complaints process to meet this requirement or, as we suggest, they can review their existing complaints process and ensure that it meets the DUAA requirements.

To assist with this, the following table will set out the requirements you may need to make to be compliant.  Once you have ensured you meet the red MUST sections please consider reviewing the amber and green sections as they also contain some very useful recommendations.