The Information Commissioner's Office has demanded new powers to carry out spot-checks on private companies to verify their data handling processes.
The call came as the government published regulations aimed at outlawing the blacklisting of workers because of their union activities.
Earlier this year the ICO shut down The Consulting Association (TCA), a secret vetting operation set up by the construction industry. It successfully prosecuted Ian Kerr, the man who ran it, for breaching the Data Protection Act.
In a submission to the government the ICO said: "While recognising that its current powers have been used to take action in the TCA case, the ICO believes that it will only be able to enforce effectively against similar breaches if those powers are significantly improved."
The data watchdog says it needs to be able to undertake spot-checks on private companies "to audit their data processing".
At the moment it can only enter premises with consent or with a warrant, and in practice these have rarely been issued.
Although the Coroners and Justice Bill does make provision for the ICO to assess private companies without consent, it can only use these powers in a limited number of cases. The ICO would like to have that power automatically.
The watchdog also wants powers to fine organisations for serious breaches of data protection principles. Kerr was fined £5,000 by a crown court - a sum widely derided.
The government says its regulations would make it unlawful for organisations to refuse employment or sack individuals as a result of appearing on a blacklist; for employment agencies to refuse to provide a service on the basis of appearing on a blacklist; and enable individuals or unions to pursue compensation against those who compile, distribute or use blacklists.
If approved by parliament, the regulations could become law early next year.