Data protection: constituency casework - House of Commons Library

The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) form the UK’s data protection regime. The legislation sets out the responsibilities of:

controllers – the persons or bodies that determine the purposes and means of processing of personal data; and
processors – those who process personal data on behalf of a controller.

It also details the rights that people have – eg a right to access to their data.

The Information Commissioner’s Office (ICO) oversees and enforces the law.

As Members of Parliament are “controllers”, they must comply with the 2018 Act and the UK GDPR. The ICO has published Guidance for the use of personal data by elected representatives in carrying out constituency casework (updated December 2022).

Related posts

Coups and political stability in West Africa

This paper discusses some of the factors behind recent coups in West Africa and surveys recent political developments in countries in the region.
- Africa
- Security
The Syrian civil war: Timeline and statistics

The paper provides a timeline of events and statistics on casualties, Syria's humanitarian and refugee situation, and UK aid spending and military activity.
Artificial intelligence and employment law

Employers are increasingly using AI in recruitment and management. This briefing explores the employment law implications and proposals for regulatory reform.