ABSTRACT
The focus of the 1984 Act was registration. Once a Data User (the equivalent of a Data Controller) had registered their data processing activities with the Data Protection Registrar (now the Information Commissioner), they were then permitted to carry out those activities. The old Data Protection Principles did not contain the requirement for the Data Subject to know what was going on, and the Data Subject had very few rights to restrict the Data Controller’s use of their data.
