The Data Protection Act was initiated in 1998 by the government of U.K. in order to make the U.K law compatible with the EU Data Protection Directive of 1995. A simple summary of the data protection act would state that it was incorporated by nation states in order to protect personal data of individuals in accordance with their fundamental rights.
Therefore, the data protection acts protects any private information about any identifiable individual wherein personal data may include aspects such as the ethnicity, criminal records, sexual preferences, sexual orientation etc. of an individual. This right entails protection of such information except for when it is concerned with any aspect that hinder with or are obstacles to matters of national security, or unless the information has been passed on by the individual consensually, and of course unless it's being used for domestic purposes like maintaining an address book or contact information etc. since domestic use of data is usually consensual and harmless.
Such personal information is usually required for the processing of any contract, for government functions, or even for employment purposes. However, there are 8 major data protection principles under the data protection act that safeguard the rights and interests of people including that any processing of personal information should be in accordance with the law and that too must be utilised for the purpose that it was collected for, and discarded post the attainment of that purpose. Also, the information must be accurate and must be updated on a regular basis. Every individual has the right to have any information that they do not wish to share discarded at any point in time and finally technical efficiency must be maintained in order to safeguard that information and it must not in any condition be leaked beyond the borders of a nation state. This is how the U.K. seeks to protect its citizens from any misuse of personal data.