The Legislation

The original Data Protection Act (DPA) was introduced in the UK in 1974. 

It was revised and updated in 1998 in response to the European Data Protection Directive, which was been adopted in 1995.  Compliance with the DPA is overseen by the Information Commissioner's Office (ICO), and formerly the Data Protection Authority.

The DPA sets out a legal framework of rights and duties which are designed to help safeguard personal data. This framework balances the legitimate needs of organisations to collect and use personal data for their business, and the rights of individuals to have their personal details protected and not misused.  It ensures that companies recording personal data:

  • follow good data handling procedures; and
  • use personal data appropriately.


The DPA's rules cover manual and electronic processing of personal data such as: name, address, date of birth, income, occupation, bank details, etc - exactly the information that is captured when completing an application for motor finance in a dealership.

The public has become more aware of their legal rights under the DPA and scrutiny of how personal data is handled will only increase further. It is imperative that all businesses know their responsibilities and are compliant with the DPA to avoid any possible legal action.