The Data Protection Act 1998 is an enactment of a European directive, so in addition to complying with the UK Act, employers must also comply with European legislation.

The Act does not inhibit organisations from appointing an external Data Protection Agent.  Whilst this does not absolve the company from its obligations under the Act, many of the detailed actions can be offloaded onto the agent.  The relationship here is similar to that of a tax accountant acting as an agent for taxation returns.  For more information, please refer to our Data Protection Service.

Complex transitional arrangements exist for ongoing systems.  These largely ran out before 23rd October 2001.  The UK Act came into force on 1st March 2000 and existing systems and practices must now conform.  Many of these may well be illegal!  The onus is on the employer to show that adequate steps have been, or are being taken to comply with this legislation.  Due diligence by the training of staff is a defence against criminal proceedings.

The Act consists of 75 sections in six major Parts and sixteen Schedules which contain further information on various subjects relating to the Act, including the Data Protection Principles, the Commissioner, exemptions and definitions.  More recently, a number of Statutory Instruments (19 to date) were made under the Act.  These often modify the application of the Act in particular industry sectors such as health, education etc, and may be essential to your operations.  It is not an easy Act to read or comprehend.

The unique Mini Manual - 'Taming the Data Protection Tiger' - reduces the complexity by unique visualisation and practical mnemonic check lists.  price list and order.