Safety Training Woodworking European General Data Protection Regulation (GDPR) Policy


The European General Data Protection Regulation (GDPR for short) is built around two key principles. Giving citizens and residents more control of their personal data and simplifying regulations for international businesses with a unifying regulation that stands across the European Union (EU)

It’s important to bear in mind that the GDPR will apply to any business that processes the personal data of EU citizens which means that it could also apply to companies based outside of the EU.

We at Safety Training Woodworking fully accept the regulations and comply with them; the following sections will explain how Data is managed in our business:

1.    What data is stored?

2.    How it is stored physically?

3.    How it is stored electronically?

4.    How information is protected?

5.    How information is securely destroyed?

6.    Is information passed to others?

7.    How can information be requested by others?

1/   Safety Training Woodworking collect data relating to their training operation, the type of data is split into:

Company name, address, phone numbers and company contact names and phone numbers.

Dates of attendance.

Machine types trained on.

Trainee names.

Trainee pass certificate copies.


2/ Physical storage in the business is on paper, filed in folders kept in the office on a

     bookshelf. – Accessible by the two directors only.

3/ Information is stored electronically in a Laptop kept in the office, it is not moved     away from the business address. It is backed up on a separate hard drive.

     – Accessible by the two directors only.

     No information is stored on pen drives, USB sticks etc.

4/ Protection of physical information is afforded by the office being lockable and also being in a locked building.

     Electronic information is as above but the laptop is password protected and has MacAfee software virus and firewall protection. The back-up device is password protected and hidden in a secure area away from the laptop.

5/ Physical information is shredded before binning. Electronically stored information is securely deleted by 5 passes of delete software and if the laptop was to be replaced then the old laptop would physically be destroyed, making sure the hard drive was smashed.

6/ Information on any of the training is not passed to others for any reason.

7/ Information stored on an individual or company by ourselves can be requested by the individual, they make the request in writing, with who they are and why they need the data. We will then respond within two weeks.

     Individuals have more rights on how businesses use their data. In some instances, they have the ‘right to be forgotten’ if they no longer want you to process their personal data, we would acknowledge that right.

If we thought information had been compromised we would contact the relevant authority and people / businesses potentially affected.


Date 24.05.2018

Mr Damian Smith