How about using LDAP? It's a bit complicated to learn but it's easy to integrate it in a bunch of applications and it allows you to manage user accounts and permissions in one central place.
Maybe try LLDAP which is a modern implementation (haven't used it myself) which is designed to be simplified and I assume more welcoming to newcomers.
The UK has a data protection agency? Does the UK know? Have they been asleep for the past 20 years?