The Data Protection Act 1998 repealed and replaced the Data Protection Act 1984 with effect from 1st March 2000. The 1984 Act applied to computerised records only. The 1998 Act applies to personal data recorded manually or in print as well as to computerised data. Relevant British law implements EC rules and anyone concerned with legal problems relating to data protection would be well advised to refer to the wording of the EC Data Protection Directive 95/46/EC as well as to British law.

The general effect is to give rights of "subject access" to individuals , that is to give individuals the right to have access to information held about them and to have that information corrected or deleted where appropriate. The right is enforceable by complaint to the Information Commissioner (originally known as the Data Protection Registrar and then as the Data Protection Commissioner until 31st January 2001 when Freedom of Information Act 2000 responsibilities were added to the Commissioner's duties).

Subject to certain exemptions, personal data can be lawfully processed only by those who have notified the Information Commisioner and paid a fee (since October 2009 the fee has differed depending on the size and turnover of the notifier). An online ICO notification form is available.

A data controller may charge a fee for dealing with subject access. In most cases the maximum fee chargeable is £10 (or £2 if it is a request for limited information from a credit reference agency) and there are special rules that apply to fees for access to manual health records (see Data Protection (Subject Access)(Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/191).

The Information Commissioner has power to prosecute or to serve an enforcement notice on a defaulting "data user". It is a criminal offence to fail to register when registration is required (Data Protection Act 1998 ss.17(1) and 21) and see notes at Criminal law aspects/offences under employment legislation/data protection ).

The Information Commissioner has issued a ICO warning about fake data protection 'agencies' (many are named) posing as official government bodies. They can attempt to charge unnecessary fees. The Office of Fair Trading will seek injunctions under the Control of Misleading Advertisements Regulations 1988 SI 1988/915 (as amended by the Control of Misleading Advertisements (Amendment) Regulations 2003 SI 2003/3183) in appropriate cases. Jail sentences are possible - see for example Trio jailed over £2m data protection con - Bradford Telegraph & Argus 8th June 2007.

There were transitional periods affecting existing manual records. The first, main, stage became fully effective on 24th October 2001. The final stage, removing minor exemptions relating to manual data in existence at 24th October 1998, came into effect on 24th October 2007 (see notes at Data Protection/Data Protection Act 1998 commencement )..

The Information Commissioner issued a draft Data Protection Code of Practice for employers on 9th October 2000. There were then delays. A complete consolidated version of the Code of Practice on Data Protection in the employment field was published in June 2005 - see generally Data protection/Code of Practice .

In autumn 2004 Revised guidance, October 2004, from the Information Commissioner in the light of the Court of Appeal judgment in the Durant case was issued (see Durant v Financial Services Authority CA 2003 EWCA Civ 1746 Court of Appeal on 8th December 2003 and notes at Data protection/personal data and/or Data protection/relevant filing system ).

The office of the Information Commission is at Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. Telephone number is 01625-545 745 (or 01625 545740 for the notification helpline). The ICO web-site is at www.informationcommissioner.gov.uk. It contains a useful ICO News and Events section and the Information Commissioner's Office Technical Guidance Notes webpages which are an essential source of practical information on all aspects of data protection.

Ms Elizabeth France retired as Information Commissioner on 30th November 2002 and was succeeded by Richard Thomas (previously a solicitor at Clifford-Chance). Mr Thomas retired in June 2009. The New Commissioner is Christopher Graham, previously a BBC journalist and latterly director general of the Advertising Standards Authority (see The Guardian 13th Jan 2009, "ASA's Christopher Graham set to become information commissioner" and HC Justice Committee 3rd February 2009).

See also notes at Data Protection/Data Protection Act 1998 commencement and/or at Copyright .