The Data Protection Act 1998 (DPA) came into force on 1 March 2000. It sets rules for companies and organisations that deal with personal data. Personal data is information that identifies living individuals. The DPA applies to the processing of personal information and extends to some paper records as well as those held electronically. Its scope is very wide and it imposes a number of obligations. Some obligations are quite onerous on those involved in the processing of personal data. The information on this page is aimed at insolvency practitioners and does not go into detail about the basics of data protection.