What is a DUAA complaints procedure template?

A DUAA complaints procedure template is a pre-drafted document designed to help UK data controllers meet the complaints-handling requirements introduced by Section 103 of the Data (Use and Access) Act 2025. It outlines the steps for receiving, acknowledging, investigating, and resolving data complaints.

Is the 30-day SLA mandatory under the DUAA?

Yes, Section 103 of the DUAA inserts Section 164A into the DPA 2018, requiring data controllers to acknowledge receipt of complaints within 30 calendar days of receiving them.

Can we customise the complaints procedure template?

Yes. The template pack you generate is designed as a standardised starting point, which is fully customisable to include your specific contact information, officer titles, and office addresses.

Author: Compliance Editorial TeamPublished: 18 June 2026

DUAA Complaints Procedure Template: Get Ready for the 19 June 2026 Deadline

Need a ready-to-adapt DUAA Complaints Policy and CSV Tracker instantly?

Get Compliant Pack – £20

Under the **Data (Use and Access) Act 2025 (DUAA)**, which comes into force on **19 June 2026**, UK organisations acting as data controllers must have a clear process for handling data protection complaints. A standardised **DUAA complaints procedure template** is the fastest way to put an operational framework in place and reduce regulatory risk.

What is the DUAA Complaints Procedure Requirement?

The Data (Use and Access) Act 2025 introduces a mandatory complaints-handling requirement for UK organisations. Specifically, Section 103 of the DUAA inserts a new Section 164A into the Data Protection Act 2018. Under these rules:

Individuals have a statutory right to submit complaints if they believe their personal data has been handled in breach of the law.
Controllers must acknowledge receipt of any complaints in writing within 30 days.
Controllers must investigate the allegations without undue delay and notify the complainant of the outcome, remedial actions, and rights of escalation.

Key Components of a Compliant Procedure Template

A comprehensive DUAA complaints procedure template must include structured sections mapping to the ICO-aligned workflow:

1. Submission Channels

Provide clear contact routes (email, form link, post) for individuals to raise complaints.

2. Statutory 30-Day SLA

A clear commitment to acknowledge receipt of complaints within 30 calendar days.

3. Workflow Ledger

Details on how to log and track received complaints internally to support compliance audits.

4. Regulator Escapes

Required signposting informing complainants of their right to escalate to the ICO.

Why Small Businesses Must Act Before 19 June 2026

Failing to have a documented complaints process may increase regulatory risk, ICO scrutiny, and the likelihood of escalation. The ICO expects controllers to be audit-ready. Using a template avoids the expensive cost of bespoke legal drafting, which typically starts at £400+.

The DUAA Shield compliance pack includes a customisable PDF complaints policy, website notices, acknowledgement templates, and a pre-formatted complaints tracker CSV for a one-time £20 fee.

For more details, view the official legislation source:Legislation Website

Frequently Asked Questions

What is the DUAA complaints procedure requirement?

Under Section 103 of the Data (Use and Access) Act 2025, UK organisations that act as data controllers must have a procedure for individuals to submit data protection complaints, which must be acknowledged within 30 days and resolved without undue delay.

Do sole traders need this template?

Yes, if you act as a data controller and process personal data, you must establish an operational complaints process.

Does this template pack include website wording?

Yes. The pack includes the policy document, website notice wording, email receipt templates, and an internal CSV log sheet to track complaints.

Disclaimer: This template pack is a standardised compliance-support document set and does not constitute formal legal advice or representation. Complex organisations should seek specialist counsel.