Companies must prepare now for the Data Protection Act or risk legal action, a city law firm has warned.
The wide-ranging act, expected to be in place early next year, will cover many types of data from personnel records to email and 'click trail' lists of web sites visited.
It will tighten up the provisions of the 1984 act and force companies to take measures to protect personal data held on their systems.
It will also ban the export of data from the European Union to those countries - such as the US - that do not have strict data protection legislation.
According to research by the Home Office, the new law will cost UK business #836 million in initial costs. Manufacturing, financial services, utilities, transport companies and large retailers will be most affected.
Christopher Millard, a partner at law firm Clifford Chance, said some companies had only just started to look at the act.
Millard warned that delaying compliance for too long could leave companies open to actions from people or groups concerned about the sort of information held on them.
Pressure group Privacy International is already compiling a list of multinational corporations to target and will complain to data protection commissioners about violation of European privacy directives as soon as legislation is in place.
Banks and retailers say they have already developed action plans to comply with the act, but some firms will be caught by surprise.
Andy Kirk, technical manager at data bureau Powerhouse Solutions, said the parts of the act involving exporting of data from the EU 'could prove to be a disaster for publishing'.
Powerhouse processes demographic information and transfers it electronically to places such as the Far East, and Kirk said he was previously unaware of the changes: "I think it has been kept fairly quiet," he said.
Lloyds TSB has since April been looking at the potential impact of the new law, and is preparing to issue implementation guidelines.
Retailer Safeway, which has also developed action plans, said it did not anticipate any additional costs for compliance.
The Data Protection Registrar said a company in compliance with the 1984 Data Protection Act will already be compliant with 80% of the new act, and with a three-year transition period cost of compliance will not be great.
Steve Ranger is a reporter on Computing
Acton's warnings come as Facebook is embroiled in one of the biggest data scandals in history
The unmanned tanks could eventually be kitted with AI systems
Dubbed I-MacEtch, it will help meet demand for more powerful nano-tech
GPU firm's research unit for self-driving cars is growing