The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This page provides advice and guidance to elected representatives and their staff, political parties and campaigners.

Paying the data protection fee

On 1 April 2019, the rules around paying the data protection fee changed. Members of the House of Lords, elected representatives and prospective representatives (including police and crime commissioners) are exempt from paying a fee, unless they process personal data for purposes other than the exercise of their functions as a Member of the House of Lords, an elected representative or as a prospective representative. For more information, read our guidance on the data protection fee.

Protecting personal information

Elected representatives have data protection responsibilities for the personal information they process in their work. They are data controllers under the GDPR. This means they are responsible for making sure all personal data handled by their office is done in a way that complies with the requirements of the GDPR.

For more information about the GDPR, including advice to help data controllers comply please see our comprehensive Guide to GDPR.

Members of Parliament 

In order to help MPs comply with their GDPR responsibilities alongside our Guide to GDPR, we have produced some frequently asked questions.

We have also issued guidance specifically for MPs on constituency casework and the processing of special category data. This will be republished after the Data Protection Bill has been passed. In the meantime this guidance includes additional references to reflect  any differing requirements of the GDPR.

Political campaigning

Political parties, campaigners and candidates campaign using a variety of communication methods to engage with voters. Where such campaigning involves the processing of personal data (including electoral register information) it must be carried out in compliance with the GDPR. Contacting an individual by post, email, text or similar message, voicemail, fax, phone or automated phone to promote a political view, or otherwise influence an individual, is ‘direct marketing’ and this is also regulated by GDPR and the Privacy and Electronic Communications Regulations. We have produced guidance on how to comply. This also highlights changes resulting from GDPR. This will also be republished after the passage of the Data Protection Bill and may also to take account of any relevant matters arising from our investigation into data analytics for political purposes.

Individual political parties have dedicated teams providing advice and guidance on political campaigning activities including the use of particular systems and procedures for engaging with voters. Members should contact their own parties for advice in relation to such activity.