The Information Commissioner's Office seem to be taking a pretty strict interpretation of the Data Protection Act. It feels a bit like shifting sands, with regulators and the Institute of Fundraising seeming to offer suitably different opinions. 

Obviously everyone should be paying attention to the ICO's pronouncements but are your database and systems up to date enough? And, as always with data, do you need to think about cultural change?