Information Security & Data Protection Policy

Next Steps HR processes personal data in relation to its own staff and individual client contacts. It is vitally important that we abide by the principles of the Data Protection Act 1998 set out below.

Next Steps HR holds data on individuals for the following general purposes:

The Data Protection Act 1998 requires Next Steps HR as data controller to process data in accordance with the principles of data protection. These require that data shall be:

  1. Fairly and lawfully processed.
  2. Processed for limited purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate.
  5. Not kept longer than necessary.
  6. Processed in accordance with the data subjects' rights.
  7. Kept securely.
  8. Not transferred to countries outside the European Economic Area without adequate protection.

Personal data means data which relates to a living individual who can be identified from the data, or from the data together with other information which is in the possession of, or is likely to come into the possession of, Next Steps HR.

Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data.

It is difficult to envisage any activity involving data which does not amount to processing. It applies to any processing that is carried out on a computer, including any type of computer however described: mainframe, desktop, laptop, palmtop, etc.

Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date, and those people listed in the appendix shall be responsible for doing this.

Data may only be processed with the consent of the person whose data is held. Therefore, if they have not consented to their personal details being passed to a third party, doing so may constitute a breach of the Data Protection Act 1998.

Data in respect of the following is “sensitive personal data” and any information held on any of these matters will not be passed on to any third party without the express written consent of the individual:

From a security point of view, only those staff listed in the appendix should be permitted to add, amend or delete data from the database.

Data subjects, i.e. those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee.

All requests to access data by data subjects (i.e. staff members, customers or clients, suppliers, students, etc.) should be referred to Neena Sharma, whose details are also listed in the appendix to this policy.




Neena Sharma, Managing Director, Next Steps HR
