At a glance
As well as electoral law, if you are involved in processing personal data for political campaigning you have to comply with the UK GDPR, DPA and PECR.
In more detail
Organisations and candidates campaign using a variety of methods to engage with voters. Where this campaigning involves processing personal data you must carry it out in compliance with data protection law.
PECR complements the UK GDPR and DPA and provides additional rules for direct marketing by electronic means, such as phone, text message, and electronic mail. Direct marketing is defined in the DPA, section 122, Paragraph 5 as “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. This includes contacting an individual to promote a political view or otherwise influence an individual.
This guidance provides practical advice and good practice recommendations to aid compliance with the UK GDPR, DPA and PECR. In order to do this, the guidance refers to other legislation including electoral law. However, you should direct requests for guidance and questions on compliance with electoral law to the Electoral Commission.
The UK GDPR sets out the key principles, rights and obligations for most processing of personal data.
The DPA supplements and tailors the UK GDPR, for example in specifying how lawful bases may apply or in providing further conditions for processing certain types of sensitive information.
The key principles set out by the UK GDPR are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The UK GDPR also provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
This guidance does not discuss each of these principles and rights in detail but highlights the most relevant considerations for processing for political campaigning purposes. You should read it in conjunction with other ICO guidance.
For general guidance on key data protection concepts, see our Guide to Data Protection.
For general guidance on electronic marketing laws, see our Guide to Privacy and Electronic Communications Regulations.