Image of the Palace of Westminster

This site uses cookies to make the site simpler. Find out more

Tell us what you think of our website. Take the 3 minute survey.

3. Data Protection Legislation

Data protection laws, including the General Data Protection Regulation and the Data Protection Act 2018, control how personal information is used by organisations, businesses or the Government. The Office of the Registrar of Consultant Lobbyists is registered with the Information Commissioner as a data controller. The definition of “personal data” includes data relating to a living individual who can be identified from the data. This would include names and addresses of registrants and their clients, as well as other information relating to a living person from whom they could be identified (such as, depending on the circumstances, a company name and residential address, and details of any convictions under the Act).

Credit card information and banking details are held by partner organisations which process payments on the Registrar’s behalf. Registrants do not have to disclose a personal address (in order to assure their security). Everyone responsible for using data has to follow strict rules called “data protection principles”. They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for limited, specifically legitimate stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • kept safe and secure

The Office of the Registrar of Consultant Lobbyists subscribes and adheres to these principles. Data obtained pursuant to the Act’s requirements is treated as having been obtained fairly.

In the event that information which is held by the Office is found to be incorrect as a result of the work of the Office, and I consider that erroneous information is detrimental to transparency (anything other than the most minor administrative error), the correction will be published on the Register at the earliest opportunity with the date of change. Where the correction covers more than one registrant record, all affected records will be updated, clearly stating that the error was made by the Office.

Guidance will be sought from the Information Commissioner as to whether any breach is reportable.

In May 2018, the General Data Protection Regulation and Data Protection Act 2018 supersedes the Data Protection Act 1998.