In 1984 the UK introduced the Data Protection Act. It aimed to govern the processing of personal data by companies and organisations. By 1998 it had become clear that the Data Protection Act needed a review. This was to cover the growing use of computers within the workplace.
The new Data Protection Act included data stored on a computer. It also included accessible records in education and health. The penalty for breach of the 1998 act was a fine or criminal prosecution.