3½ page generic information security policy concerns the handling of inquiries, complaints and incidents involving privacy of personal information.
Organizations are obliged to take privacy-related inquiries, complaints and incident reports seriously, investigate them properly and resolve them appropriately in accordance with applicable laws and regulations (such as GDPR), plus ethical considerations. This policy says how.
Note: this particular issue is often neglected, even by organizations that take policy seriously and publish sensible privacy policies. It is an explicit requirement under GDPR.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Privacy inquiries policy
A policy template on handling privacy inquiries, complaints and incidents