The data protection act gives rights to data subjects (people whose personal data is stored on computer systems). This act has 8 principles to it:
1) Data must only be used in a fair and lawful way
2) Data must be only used for the specific purpose
3) Data should be adequate, relevant and not excessive for the specific use
4) Data must be accurate and up to date
5) Data should not be kept longer than necessary
6) The rights of the data subject must be observed
7) Data should be kept safe and secure
8) Data should be not be transferred internationally without adequate protection
Before an organisation can collect personal data, they must register with the Information Commissioner's Office (ICO) to say what data they'll collect and how it'll be used. The DPA gives data subjects the right to see what data an organisation holds about them.
However, there are some exceptions to this such as if the data they hold could affect national security, tax assessment or outcomes of a court case. If a data subject feels an organisations use of their data has caused them distress, they can be entitled to compensation.