3. Why the Act came into being

It was concerns about personal data, which grew as the use of computers increased in all areas of life, that led to the Data Protection Act 1984.  The 1984 Act set out regulations for storing personal data that was automatically processed.

It made no provision for data that was stored on paper, the Internet or huge customer databases generated from such things as loyalty cards.

However, as the use of ICT for storing personal data continued to expand, it was felt that the 1984 act did not go far enough in protecting the rights of individuals..

The 1998 Data Protection Act, extended the 1984 Act and enshrined the European Union directive on Data Protection into UK Law. This meant that UK law was in line with other Data Protection laws in other countries in the European Union. The new act extended the scope to the protection of paper-based data.

The act also increased penalties for breaking the law.

There is now a great deal of responsibility on the people that record and process personal data.They are known in the Act as Data Controllers and they must be totally truthful about the reason they are collecting the data and how they are going to use it.

Data Controllers must be open about their use of the data by telling the Information Commissioner (the person who enforces the Act), that they are collecting personal data and how they intend to use it.

The must also follow a set of eight principles, called the Data Protection Principles.