Data protection: constituency casework - House of Commons Library

The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) form the UK’s data protection regime. The legislation sets out the responsibilities of:

controllers – the persons or bodies that determine the purposes and means of processing of personal data; and
processors – those who process personal data on behalf of a controller.

It also details the rights that people have – for example, a right to access to their personal data.

The Information Commissioner’s Office (ICO) oversees and enforces the law.

As Members of Parliament are “controllers”, they must comply with the 2018 Act and the UK GDPR. The ICO has published Guidance for the use of personal data by elected representatives in carrying out constituency casework (updated September 2023).

Related posts

State support for victims of terrorism

There will be a Westminster Hall debate on state support for victims of terrorism at 1:30pm on 10 July 2025. The debate will be opened by Andy MacNae MP.
- Security
Deprivation of Citizenship Orders (Effect during Appeal) Bill 2024-25

A short bill proposing that a successful appeal against removal of British citizenship would no longer restore the person's citizenship immediately.
- Nationality
- Security
Proscribed Terrorist Organisations

The Home Secretary can proscribe organisations believed to be involved in terrorism under the Terrorism Act 2000