A legal document that lays out requirements which all organisations across the EEC that are processing personal data must adhere to. It is designed to protect the rights of the individual, and does this by requiring that organisations justify their reasons for processing data, and ensuring that this data is kept accurate and secure, as well as giving individuals right of access. It covers both computerised and manual (including health) records.

The Data Protection Act covers personal data in electronic and manual formats (for example paper files). The key points of the act state that any data (information) collected by an organisation must be done so fairly and legally, and that the information stored about a person must be kept accurate and up-to-date and not kept for longer than is necessary. Also, security measures must be put into place to stop unlawful or unauthorised processing of personal data and accidental loss or damage to personal data. The Act also gives rights to the individuals as regards to the data stored about them. Amongst other things, individuals are entitled to request a copy of all personal data stored on them and can prevent their details being used for direct marketing. They can also stop their details being used in a way that is likely to cause distress or discomfort.

the Act gives every living person or their authorised representative, the right to apply for access to their health records to obtain copies. One of the purposes of the Act is also to safeguard the rights of individuals when processing and moving personal data.