Data Protection

Under the Data Protection Act, the Parliament is required to comply with eight principles when processing personal information. These principles ensure that information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The Parliament has a policy on handling personal data in line with the requirements of the Data Protection Act 1998. The policy is reviewed every 12 months. It was last reviewed in September 2016.

This notice provides information about how the Scottish Parliament handles personal data and who to contact to find out more.

Members of the Scottish Parliament are provided with guidance on their data protection responsibilities.

The Parliament is also required to register with the UK Information Commissioner, who is responsible for the protection of personal information across the UK. A copy of the Parliament’s notification, which sets out the kinds of personal information we hold, and how we use that information, can be found on the UK Information Commissioner's website.

To request information the Parliament holds about you, please go to the Making a Subject Access Request page.

The General Data Protection Regulation (GDPR)

In May 2018 the General Data Protection Regulation (GDPR) will be implemented. If you collect or store personal data you may need to change the way this is carried out.

Person signing forms Photo: iStock/Yevgen Timashov

Making a Subject Access Request

How to request information that the Parliament holds about you