data protection act?? UK

I work for a UK HQ company, a coworker of mine requested the company to provide him all emails in which he is mentioned (communications between other people about him) and the company complied as supposedly was required by the Data Protection Act.

What is the point of such an act? It seems to hinder business, now I have to worry about every email I write being ending up in the hands of someone else.

Just curious, why is this possible? I thought it was total BS when he told me he was going to do it.