The Data Protection Acts aim to ensure that the collection of data on individuals and others is used specifically for the purposes intended, and not for private use.
It was passed in Parliament in the UK as a form of identity safety for people. The basic premise of each Act is that if anyone ever needs to access information on another individual for whatever reason, this reason must be extremely valid, and follow a protocol for data gathering.
A person who works in IT has to keep in mind that they are in control of data that is personal, financial, and confidential. They could be held liable for accessing information without consent only because they have access to it. For this reason, the place of employment of an IT professional MUST have a specific contractual protocol that ensures that all IT personnel will follow it to avoid potentially dangerous assumptions.
The University of Lancaster, for example, cites these as their own protocol for data collectors and data administrators. You can see how specific the organization is when it comes to allowing access to data, and what to do with it.
To make a subject access request- an individual is entitled to be supplied with a copy of all personal data held.
To require the data controller to ensure that no significant decisions that affect them are based solely upon an automated decision-taking process
To prevent processing likely to cause damage or distress
To prevent processing for the purposes of direct marketing
To take action for compensation if they suffer damage by any contravention of the Act by the data controller
To take action to rectify, block, erase or destroy inaccurate data