ABSTRACT
The Data Protection Act 1998 (‘the Act’) implements the EU Data Protection Directive,1 which had the twin objectives of: (a) harmonising data protection laws throughout the EC; and (b) protecting the privacy of individuals in relation to the processing of personal data. The preamble to the Act describes it as a measure to provide for ‘the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information’. The Act came into force on 1 March 2000, replacing the Data Protection Act 1984. It contains transitional provisions for data processing which was under way prior to 24 October 1998. Processing which postdates 24 October 1998 will be subject to the Act’s provisions.
