The Data (Use and Access) Act 2025 provides data subjects with a new statutory "right to complain". Once the relevant provisions are effective, controllers will need to ensure they have a complaints policy in place which meets the new requirements (including mandatory acknowledgement within 30 days). While many controllers will already have a complaints process in place, all will need to review these policies to ensure compliance with the new regime. This will ease the growing workload of the Information Commissioner's Office (ICO), particularly as data subjects will be formally required to raise a complaint with the relevant controller prior to pursuing a complaint with the ICO, but it is likely to have the opposite effect on controllers. This may be exacerbated by the recent significant increase in the use of generative AI by data subjects to submit complaints more quickly and in greater volume. If controllers are not prepared for the potential tidal wave of complaints, the mere failure of adequately handling complaints could result in further ICO investigations and liability beyond the subject of the original complaint.