Under the Data Protection Act, the Parliament is required to comply with eight principles when processing personal information. These principles ensure that information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
The Parliament is also required to register with the UK Information Commissioner, who is responsible for the protection of personal information across the UK. A copy of the Parliament’s notification, which sets out the kinds of personal information we hold, and how we use that information, can be found on the UK Information Commissioner's website.
To request information the Parliament holds about you, please go to the Making a Subject Access Request page.