No supervisory authority complaint pathway in privacy policy

Data Protection Authorities (DPAs) are official government bodies that oversee privacy law. GDPR (the European privacy regulation) requires businesses to tell individuals in their privacy policy that they have the right to complain to a DPA if they believe their data is being mishandled. Omitting this pathway is a breach of GDPR Article 77. During a regulatory investigation or complaint, the absence of this disclosure can increase penalties and signal to regulators that your privacy compliance is not taken seriously. Add a paragraph to your privacy policy stating that individuals have the right to lodge a complaint with the relevant data protection authority in their country. Include a link to the appropriate authority — for example, the ICO in the UK or the OAIC in Australia.