​Under the Data Protection Act 1998 all businesses in the UK that hold data about clients, contractors and employees (all referred to as “data subjects”), must have legal grounds for doing so.Historically, this has often been on the grounds of the data subject’s consent, which is not defined in the legislation, but is described in EU data protection directives as