The formal procedure for Data Principals to file complaints with the Data Protection Board against non-compliant Fiduciaries.
The DPB complaint process is initiated when a Data Principal files a formal complaint alleging violation of their rights by a Data Fiduciary. The process requires the complainant to first exhaust the Fiduciary's internal grievance mechanism. If unresolved, the complaint is filed digitally with the Board. The Board may dismiss frivolous complaints, or initiate inquiry proceedings. Both parties submit evidence, the Board adjudicates, and issues an order with or without penalty. The entire process is designed to be digital and time-bound.
Every unresolved internal complaint is a potential Board complaint. Understanding the process motivates investment in robust internal grievance handling — resolving issues before they escalate to formal proceedings where you face penalties and legal costs.
A Mumbai resident complains that a fintech app shared their financial data with an unauthorised third party. After 30 days with no response from the app's Grievance Officer, they file with the DPB. The Board issues notice to the fintech, which must respond with evidence within 14 days.
Data Principals cannot go directly to the DPB without first using the Fiduciary's internal grievance mechanism. The Board requires evidence that internal resolution was attempted before accepting a complaint.
DPDPA Shield automates Data Principal Rights. See how →