Data deadline warning

By October 24 companies must ensure that all computerised and manual data concerning clients, prospects and employees complies with the Act -- if added after October 23, 1998.

If it does not, firms will face fines of up to £5,000.

"The Data Protection Act 1998 is a significant piece of legislation and something that all firms should have looked at already.

"If they have not, it is imperative that they act now because otherwise they'll face huge repercussions," explained Chris Styles at Jackson Stephen.

The new Act sets out eight principles governing the collecting, holding, processing, access, use and disclosure of data.

Data must be processed fairly and lawfully

Data must be processed to avoid damage and distress

Data should be adequate, relevant and not excessive

Data should be accurate and up to date

Data should not be kept longer than necessary

Data must be processed in accordance with the rights of data subjects

Appropriate technical and organisational measures must be taken to prevent unlawful processing, accidental loss, destruction or damage of personal data

The DPA 1998 also extends to manual systems

"Though the first phase only requires computerised systems introduced on or after October 24, 1998 to comply with the Act, it will still affect a lot of businesses," Mr Styles said.

"If businesses have not trained efficient data controllers in order to ensure compliance, they should certainly do so now.

"The two remaining phases introduced over the coming years will also necessitate major changes in the way data is handled, and the longer it is left, the more difficult data management becomes."

The second phase runs from October 24, 2001 to October 24, 2007.

This means that all manual data held by a company on or after October 24,1998 will be subject to the Act.

The third phase runs from October 24, 2007.

After this point all data held by companies will have to be compliant with the Act.