What is the best way to publish councillor contact information from a data protection perspective?

Following recent local elections, many councils are welcoming new councillors into their councils. Many local council professionals have been in touch with our team to ask:

How do we publish councillor contact information in a GDPR-compliant way?

Lets start with the basics. Data protection and UK GDPR compliance is concerned with the protection of people’s personal data.

So what counts as personal data when it comes to councillor contact details? In this case we are likely referring to their:

• Full name

• Address

• Email address

• Phone number

• Links to social media or websites

All of this is information can be used to identify the councillor concerned and is, therefore, personal data.

This means that the UK General Data Protection Regulations (UK GDPR) and by association the UK Data Protection Act 2018 (DPA) applies, which means that, as data controllers, councils will need to apply a lawful basis to publish councillors’ details.

Councils usually try and use the lawful basis of consent but this is not necessarily the best option.

Data controllers must select from the six provided lawful basis options:

• Consent

• Contract

• Legal Obligation

• Vital Interest

• Public task

• Legitimate Interest

When it comes to councillor contact details, we have two clear candidates for lawful basis, namely consent or public task. Both have merits based on the types of data being published. Lets look at two scenarios.

Scenario one, you provide the councillor with a parish council email address for example:

Cllr Darren Briddock

Email: cllr.briddock@parishcouncilname.gov.uk

In this case you are publishing data that is data controlled by the council, the council has set these systems up and nothing here is private, so you could publish this with the lawful basis of public task, regardless of if the councillor agrees or consents to it. The council controls the data so you can use your public task basis to process it. Simple.

Scenario two, you allow the councillor to use a non council email address  for example:

Cllr Darren Briddock

Email: darrenbriddock@myprivateemail.com

In this case you are publishing data that is data NOT controlled by the council, you will need consent of the councillor to publish this data. It is private data that they control, the council does not control it.

The councillor concerned must provide a positive confirmation that they give consent, they must know what will be done with the data and be free to say yes or no. Consent can also be reversed at any time.

Best Practice: Issue Council Email Addresses

Our strong advice?

Give every councillor a council-issued email address.

This approach:

• Reinforces professionalism

• Keeps council communications secure

• Allows publication of contact details using the public task basis

• Avoids murky data protection territory

After all, most businesses don’t allow employees to use their personal emails for work, so why should councils?

The same logic applies to home addresses and phone numbers. Avoid using personal information unless you’ve got valid consent, and even then, think carefully.

This advice is further underpinned by Assertion 10 of the Annual Governance Statement (AGS) in the 2025 SAPPP Practitioners Guide, which highlights the importance of managing information lawfully and responsibly.

Need support navigating information compliance, give our experts a call on 01903 299000 or book a call here: CLICK HERE