Many companies have to provide an internal and external dispute resolution process for individuals who think that their data are not collected, processed or used in compliance with the applicable privacy principles.
Internal dispute resolution
The individual first submits his or her complaint in the internal dispute resolution procedure. It includes an investigation based on the individual’s complaint and the evaluation of whether the company has collected, processed or used personal data of the individual without complying with one or more of the EU-US Privacy Shield Privacy Principles. The investigation as well as the evaluation is conducted by an internal working group or department of the company. The company must provide a summary of the results to the complainant.
External dispute resolution
Only if this procedure fails, the individual may use the external dispute resolution procedure. In this case 2B Advice will investigate and evaluate the facts based on the complaint filed by the individual. 2B Advice will take into account the facts the individual has provided as well as the facts the company has provided. The company has agreed to cooperate with 2B Advice in the course of such an investigation and to provide all necessary information for the dispute resolution process. The investigation and evaluation will be conducted by experienced data protection experts of 2B Advice.
Contact details for the internal and external dispute resolution
Companies which have certified under the EU-US Privacy Shield program have to provide a publicly available Privacy Statement, preferably on their Website. The Privacy Statement must include contact details for the internal and the external dispute resolution process. If you want to file a complaint in the internal dispute resolution procedure, you will find the necessary contact information in the Privacy Statement. The U.S. Department of Commerce maintains on its EU-US Privacy Shield website: www.privacyshield.gov a public list of those companies that have certified their compliance with the EU-US Privacy Shield Framework. A company’s EU-US Privacy Shield certification record includes contact details relevant to the internal dispute resolution process and identifies the external dispute resolution provider(s).
How to File a Complaint
Filing a Complaint & Dispute Resolution Process
You can file your complaint in the external dispute resolution process by using our standard complaint form. We will only open a new case if the complaint refers to a company that has entered our external dispute resolution agreement.
Privacy
We will not disclose your name or your email address to the company unless you explicitly allowed us to do so. You will find the respective option in our standard complaint form. If you want to learn more about our data protection standards when collecting, processing or using your personal data, please refer to our Privacy Notice.
Your complaint
It is very important to understand the essence of your complaint. Therefore we like you to provide as much precise information as possible on what happened. This includes data types concerned, the kind of processing procedure and the Principle(s) that you think have been violated.
How we act
If we have all necessary information from you, we will ask the company to provide all necessary information, too. After the evaluation has been completed we will provide a written advice to the company if there should be a violation of the Privacy Principles. You will receive a summary of the results. Companies taking part in our dispute resolution program have agreed to fully participate in any inquiry or investigation by us, and agreed to accept our advice as final.

CERTIFIED EXPERTS
EuroPriSe Certified & Accredited
Legal & Technical Experts

SINCE 2003
We are one of the providers with the longest experience in the market.

INTERNATIONAL TEAM
Our data protection expertise is transnational and we work internationally.

2B Advice is ISO/IEC 27001:2013 Certified

2B Advice is an IAPP corporate Gold member

2B Advice is a Microsoft Gold-Certified Partner
Our Clients (Selection)

How We Can Help
Explore Our Consulting Services
Certification & Training
Further Information

Learn more about how data protection compliance software can help you with GDPR compliance.


7 reasons why to get started on the journey to privacy compliance. Download the whitepaper!


Interested in an unlimited single seat license for comprehensive data privacy software? Register here now.
Latest Blog Posts


Initially, the EU Whistleblower Directive was supposed to be effective by December 17, 2021. However, the legislative process failed.


The right of access, enshrined in Art. 15 of the GDPR, gives data subjects the right to obtain from the controller.


The annual data protection conference (45th DAFTA) of the Gesellschaft für Datenschutz und Datensicherheit (GDD) e.V. took place on 18.11.2021.