Any organisation that holds data has a responsibility to protect the privacy and integrity of data held on individuals. It ensures that individuals associated with an organisation (customers and employees) have access to their data and can correct it if necessary. The Data Protection Act has be replaced by the new General Data Protection Regulation (GDPR) on May 25th 2018.
This guide from Get Safe Online gives an overview of GDPR in the UK.
In the UK the Information Commissioners Office is an independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Your Data Matters section of their website provides a comprehensive guide to making sure your data is used correctly and how you can complain if it isn't.