The Information Commissioner's Office (ICO) now has the power to impose " substantial" fines on companies flouting data protection legislation in the UK.

The new powers come under the Criminal Justice and Immigration Act which has recently been given Royal Assent.

The Data Protection amendment was proposed by Liberal Democrat MPs while the Bill was being debated in the House of Commons, and the amendment has since been adopted by the government.

New powers will be applicable to any organisation which "deliberately" or " recklessly" commits a serious breach of the Data Protection Act.

The Act does not apply retrospectively. The ICO is currently waiting for notification from the Ministry of Justice as to when the Act will be effective.

"This new power will enable some of the worst breaches of the Data Protection Act to be punished," said David Smith, deputy Information Commissioner.

"By demonstrating that the law is being taken seriously, tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly."

Prosecution of breaches of the Data Protection Act will be limited to fines and will not be extended to jail sentences for company directors found to be responsible, said a spokesperson for the ICO.