Data protection is an emotive issue and one which has generated much debate. Almost without exception people agree that there must be safeguards in place to protect the rights of the individual - hence the 1984 Data Protection Act.

However, in a bid to ensure continuity across the EC a new Data Protection Act is to be introduced by October 24 this year. Failure to comply will be a serious matter and it is important that all organisations handling data are aware of the forthcoming changes. Any necessary amendments must then be made as a priority.

The Act requires anyone holding data to notify the Data Protection Commissioner and for the first time data held on manual systems is also to be included.

In total, the Act contains eight data protection principles relating specifically to personal data.

The first principle places restrictions on handling of such information, for example, the data subject must have given consent; or it is necessary for the performance of a contract; or to protect the interests of the data subject, etc.

Additional restrictions apply for sensitive personal data such as racial or ethnic background, political opinions or mental health.

Other principles of the Act require that personal data may only be obtained for specified and lawful purposes, must be current and accurate, and appropriate measures must be taken against unlawful or unauthorised processing.

There are many more requirements in addition to the examples given above and businesses are advised to obtain a copy of the Data Protection Bill now for £6 from the Stationery Office on 0171 873 9090. Once the Bill is law, free information packs can be obtained from the Data Protection Commissioner.

Phillip Woodrow is a partner with Baker Tilly, Bradford.

Converted for the new archive on 30 June 2000. Some images and formatting may have been lost in the conversion.