| answer text |
<p>Members are the Controllers for the personal data held by their Parliamentary offices.
This includes the data and information stored on the Parliamentary-provided devices
and network accounts of their Parliamentary staff, including staff funded by short
money.</p><p>In almost all circumstances, access is only provided to the data held
in a Member’s parliamentary account or devices (or those of their staff) by the Parliamentary
digital Service (PDS) on the instruction of that Member in their capacity as Controller.
This is in line with the UK General Data Protection Regulation (UK GDPR) data processing
contract between each Member and the Administration.</p><p>As the Controller, a Member
can instruct PDS to grant themselves, or members of their Parliamentary staff, access
to the accounts and devices assigned to other staff in their own office.</p><p>Devices
funded by short money that have been ordered through PDS are managed by PDS. In line
with the UK GDPR data processing contract between individual Members and the Administration,
PDS would facilitate access to the information stored on these devices at the instruction
of the Controller.</p><p>Although no specific guidance has been issued by PDS to political
parties on this issue, the Administrations of both Houses of Parliament have a data
processing contract that applies to Controllers using Parliament’s IT systems. The
contract for Members of both Houses includes a service description that sets out how
Members are using Parliament’s IT systems to process the personal data which they
are responsible for.</p>
|
|
