House of Commons Data Protection information
Personal information provided to the House of Commons is processed in line with Data Protection Legislation. The Corporate Officer (Clerk of the House) is the Controller and the Data Protection Officer is the Head of Information Rights and Information Security (IRIS).
The House of Commons Data Protection Policy, and the accompanying Safeguards Policy (for special category data) can be found below:
How we process personal data is covered in our privacy policies. These include:
- House of Commons privacy notice for the public
- House of Commons privacy notice for sole traders
If you have any questions about the use of your personal data, or you would like to request access to your own personal data held by the House of Commons Administration, please contact the IRIS team (Information Rights and Information Security) by:
***As a result of following government advice, at the current time we are unable to respond to correspondence sent to the House of Commons by post. We will respond to any letters we receive as soon as possible, however in the meantime please where possible contact us by email.***
If you would like access to personal data held by a MP, please contact that Member directly. For the purposes of data protection legislation, Members of the House of Commons are controllers in their own right for the personal data they process.
Although part of Parliament, the House of Lords is also a separate controller for the purposes of data protection. You can find more information about data protection in the House of Lords on their parliamentary pages.
From 25 May 2018, new data protection laws cover the processing of personal data. “Processing” is defined in the Data Protection Act 2018 and includes actions such as collection, storage, adaptation or alteration, use, disclosure, erasure or destruction.
As with previous legislation, the new Act provides individuals with certain rights over the processing of their personal data. Your rights over your personal data will depend on our reasons for the collection and use of your information. Your rights are as follows:
· Right to be informed about the processing of your data
· Right of access to personal data
· Right to rectification
· Right to erasure
· Right to restrict processing
· Right to data portability
· Right to object to processing
· Rights related to automated decision making and profiling
You can read more about your rights on the Information Commissioner's Website.
If you would like to exercise any of these rights or if you are unhappy with the processing of your personal data by the House of Commons you should contact the Data Protection Officer in the first instance. Contact details are at the top of this page.
You also have the right to complain to the supervisory authority if you consider that the House of Commons are in breach of your data protection rights. The supervisory authority is the Information Commissioner's Office. They can be contacted by:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Personal data held by House of Commons Members
Members of Parliament are also subject to Data Protection Legislation. Individual Members of Parliament (MPs) are data controllers in their own right and the House is not responsible for personal data processed by MPs (constituents, staff, etc.)..
If you have any queries or would like access to personal data held by a Member of the House of Commons, please contact that Member directly.
Advice for House of Commons Members and their staff
Members can get further guidance and advice from the Information Commissioner's Office (ICO). This is available via the ICO website or by calling 0303 123 1113.
Our existing guidance for Members relates to the Data Protection Act 1998. This guidance will be updated shortly to reflect the recent changes in legislation (GDPR and Data Protection Act 2018). Further advice for Members and their staff is available on the House of Commons intranet.
Privacy notices for House of Commons Members and their staff
The House of Commons Administration collects and processes personal data about Members and their staff in order for the provision of services. It is required under the GDPR to provide a privacy notice which sets out the kinds of data the Administration holds, why the Administration holds it, and individuals rights in relation to that data.