New data protections rules coming in today

New data protection rules regarding customer complaints are coming in today (19th June).

The Data (Use and Access) Act 2025 now requires you to have a data protection policy for handling complaints about the use of people’s personal data, meaning you must be clear about the process – and the timeframe in which issues will be dealt with.  

The new rules make it mandatory to:

  1. Provide a way for people to make complaints about the use of their data. The easiest way to achieve this is to provide an email address for people to submit complaints.

    The NRLA privacy notice template has always included this information, so if you use it already you are compliant with this element of the legislation.
  2. Inform people that they may complain to the ICO. The NRLA privacy notice template has always included this information, so, again, if you use our privacy notice, you are already compliant.
  3. Acknowledge receipt of a complaint within 30 days. You are not required to resolve the complaint within 30 days, but you must respond to confirm receipt. If the complaint is made via email, then an auto-acknowledgement email is sufficient to meet this requirement in most cases. 
  4. Investigate and address the complaint within a reasonable amount of time. What is a reasonable timeframe will generally depend on the complexity of the complaint and the number of staff you need to speak to. 

Remember, in practice, complaints about data protection are rare within the private rented sector, and we do not expect many landlords to have to handle these complaints on a regular basis, but you do need to be prepared.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *