The Data Protection Act 1998 is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people.

1. A business that handles staff, client or supplier’s data that identifies the person is required to comply with the Data Protection Act.
2. It is the main piece of legislation that governs the protection of personal data in the UK.
3. The equivalent European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data is applicable to all organisations that operate within the European Union.
4. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions.
5. The Act defines eight data protection principles.

1. The Data Protection Act 1998 requires every organization who is processing personal information in an automated or using an IT system to notify the information Commissioner, unless they are exempt.
2. Failure to notify is a criminal offence.
3. Register entries have to be renewed annually. If you are required to notify but don’t renew your registration, you are committing a criminal offence.