~3 page information security policy template on handling privacy complaints.
The organisation is obliged to take privacy-related complaints, enquiries and incident reports seriously, investigate them properly and address them appropriately in compliance with applicable laws and regulations, plus ethical considerations. This policy explains how.
This particular issue is often neglected, even by organizations that take privacy seriously and publish sensible privacy policies. There are specific requirements in GDPR about handling privacy complaints, enquiries and personal information requests.
Supplied as an MS Word document, readily customised for your organisation's specific situation.