The DPA is probably fine for smaller data controllers...
...it's the larger one's that suffer.
I complete Subject Access Requests for a large multinational telecoms company and would never question an individuals rights to access the data we hold, what I would question are the statuatory fees we are allowed to charge for providing this data. £10 doesn't even cover the postage costs involved in sending the data we hold out and it most defintley does not cover my time.
I notice the the Goverment have worked a sliding charging scale into the Freedom Of Information Act so the Civil Servants can charge fair rates for the provision of data and it's doesn't end up out of pocket, unfortunatley, the public sector can only charge a tenner which is just totally unrealistic!
The only thing that needs revising in relation to the DPA is a sliding charges scale and a review period, so they are obliged to review the charging scale either in line with inflation or over 10 years or so.
The only other comment I have to make are the people who request all data held just for the hell of it, as stated I won't question a persons rights to access the data we hold, but only ask for the data you need! As much as it pleases me to box it all up and send it out to you, it's a massive waste of paper and we both know that the bulk of the data I send out will end up straight in the bin when you realise just how much stuff you've been sent that is of absolutley no use to you whatsoever!