The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This page provides advice and guidance to elected representatives and their staff, political parties and campaigners.

Guidance for the use of personal data in political campaigning

Being able to communicate with and engage voters, including using digital services, is an essential part of democratic life. It is equally important to retain the trust and confidence of voters in using their data and the integrity of elections. This guidance highlights the importance of processing personal data in compliance with data protection law during political campaigning.

Paying the data protection fee

On 1 April 2019, the rules around paying the data protection fee changed. Members of the House of Lords, elected representatives and prospective representatives (including police and crime commissioners) are exempt from paying a fee, unless they process personal data for purposes other than the exercise of their functions as a Member of the House of Lords, an elected representative or as a prospective representative. For more information, read our guidance on the data protection fee.

Protecting personal information

Elected representatives have data protection responsibilities for the personal information they process in their work. They are data controllers under the UK GDPR. This means they are responsible for making sure all personal data handled by their office is done in a way that complies with the requirements of the UK GDPR.

For more information about the UK GDPR, including advice to help data controllers comply please see our comprehensive Guide to UK GDPR.

Members of Parliament 

In order to help MPs comply with their UK GDPR responsibilities alongside our Guide to UK GDPR, we have produced some frequently asked questions.

We have also issued guidance specifically for MPs on constituency casework and the processing of special category data. This will be republished after the Data Protection Bill has been passed. In the meantime this guidance includes additional references to reflect  any differing requirements of the UK GDPR.

Political campaigning

Political parties, campaigners and candidates campaign using a variety of communication methods to engage with voters. Where such campaigning involves the processing of personal data (including electoral register information) it must be carried out in compliance with the UK GDPR. Contacting an individual by post, email, text or similar message, voicemail, fax, phone or automated phone to promote a political view, or otherwise influence an individual, is ‘direct marketing’ and this is also regulated by UK GDPR and the Privacy and Electronic Communications Regulations. We have produced guidance on how to comply. This also highlights changes resulting from UK GDPR. This will also be republished after the passage of the Data Protection Bill and may also to take account of any relevant matters arising from our investigation into data analytics for political purposes.

Individual political parties have dedicated teams providing advice and guidance on political campaigning activities including the use of particular systems and procedures for engaging with voters. Members should contact their own parties for advice in relation to such activity.