A Data Principal's right to have grievances about data processing addressed by the Fiduciary and the DPB.
The Right to Grievance Redressal provides Data Principals a formal mechanism to raise complaints about how their data is being processed. Under Section 11(1)(d), every Data Fiduciary must provide an accessible grievance mechanism. The Fiduciary must respond within the prescribed timeline. If the Data Principal is unsatisfied with the response, they can escalate to the Data Protection Board of India for adjudication and potential penalties against the Fiduciary.
An accessible grievance mechanism is not optional — it must exist and be responsive. Ignored grievances escalate to the DPB, which can impose penalties. A well-managed internal process prevents Board involvement.
A customer of a Kochi e-commerce platform complains that their data was shared with marketing partners without consent. The platform must acknowledge within 48 hours and resolve within 30 days. If unresolved, the customer can file directly with the DPB.
A generic "Contact Us" form is not a DPDPA-compliant grievance mechanism. You need a designated process with acknowledged timelines, tracking IDs, and a named Grievance Officer.
DPDPA Shield automates Data Principal Rights. See how →