Data Protection

ESTA Data Protection and Confidentiality Policy and Procedures


ESTA are required to collect information about the people they employ and the candidates they support.
ESTA has developed a policy to ensure compliance with the Data Protection Act (1998), which came into force on 1 March 2000. The focus of the Act is on protecting personal data, which is information from which an individual can be identified. This includes data that is stored as hard copies and/or on computer systems, including emails.
ESTA is registered with the Information Commissioner’s office.


ESTA has a commitment to:
  1. Only collect the minimum amount of personal data
  2. Always obtain consent
  3. Always communicate the purpose(s) of the data collection
  4. Only use data for specified and lawful purposes
  5. Only process data in any manner compatible with those purposes for which it was obtained
  6. Regularly review data collection and the purposes for which this data is collected
  7. Only collect relevant data
  8. Always hold data securely for the minimum period of time required for the specified purpose
  9. Always destroy data when data is no longer required to be held
  10. Always publicise the Data Protection policy to all staff and candidates
  11. Always facilitate individual requests for data within specified rules


  1. Clive Monk, Development Manager has responsibility for data protection within ESTA and the Chairman (Dave Audley) can act in his absence
    • All PC's and laptops require a password to access them.
    • All PC's and laptops have current and up to date Internet security programmes running
    • All stored written or printed documents are held in the ESTA office which is at the Development Manager's home.
    • Development Manager is responsibility for security control of all written records being used during the day to day operation.
    • Any documents that contain any personal details and data that are no longer required will be shredded by Development Manager
  2. Security measures are in place to safeguard personal information.

  3. Development Manager will ensure compliance with this policy
  4. The policy is available on the website.
  5. Any unauthorised or unlawful processing of personal data will be dealt with by the ESTA management Committee.