top of page

Data Protection Policy

Last Updated: November 2021

Applicability and Scope Statement

This policy applies to all employees of Training Strategies regardless of role and location. Its provisions extend to those working on our behalf. Failure to adhere to this and associated policies, may lead to disciplinary proceedings up to and including dismissal.

This policy also applies to all of Training Strategies customers, sub-contractors and partners.

NB: When working on external sites/establishments all staff need to make themselves familiar with any policies relevant to the specific working location


The policy and associated procedures aim to ensure that personal data is collected, stored, transferred and disclosed only in compliance with applicable legislation, primary the data Protection Act 1998 (DPA) and requirements of GDPR.


This policy applies to anyone collecting or processing personal data in connection with their work, studies or other activities in association with Training Strategies. The DPA and GDPR have braod applicability, covering all processing of personal data; it places additional restrictions and responsibilities on the processing of sensitive personal data.

See Appendix 2 - Key Principles for simple definitions of "data", "personal data" and "sensitive personal data".


Training Strategies will ensure that:

  1. A member of the Executive Team acts as the Strategic Data protection Lead, supported by the Data Protection Officers in the business support department.

  2. Meetings are held which introduce staff to the concept of a Data Protection Policy and to this policy; including staff induction, Management Team, and department team meetings; to enable ongoing dialogue around protecting personal data held by Training Strategies.

  3. Support staff with primary responsibility for processing of personal and sensitive information receive training appropriate to their day to day duties, and be required to maintain a level of operational understanding and awareness for the implementation of this policy and associated procedures. They will receive refresher training every 2 years.

  4. All Training Strategies staff receive a level of training appropriate to their role, with refresher training every 3 years. This will be recorded and monitored through Workforce Development records.

  5. Information technologies are used to ensure that this policy is accessible to all users.

Communication Flow

  1. The policy is approved by the Training Strategies Directors.

  2. The policy is communicated to all staff through staff induction, the staff intranet, email, training and refresher training.

  3. The directors meet regularly to assure the implementation of the Data Protection Policy and requirements of GDPR, to keep up to date with legislation and guidelines and to identify issues arising.

  4. Users of Training Strategies IT facilities and those with access to personal information receive a level of training appropriate to their role, with refresher training every 3 years. This is recorded and monitored through central Workforce Development records.

Monitoring of Implementation

The implementation of the Data Protection Policy is continuously monitored by the ICT Manager and assured by the Directors.

The Data Protection Policy is reviewed bi-annually by the Directors.

Associated Information and Guidance

The IT Acceptable Use Policy contains a fuller list of IT-related legislation; of particular relevance to the Data Protection Policy are:

  • Data Protection Act 1998

  • Human Rights Act 1998

  • Data Protection (Processing of Sensitive Personal Data) Order 2000

  • GDPR

  • Regulation of Investigatory Powers Act 2000

  • Freedom of Information Act 2000

  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended)

Further guidance:

The Information Commissioner's Office "Guide to Data Protection"

The Jisc "Data Protection" Guide

Related Training Strategies Policies and Documents

The related documents below can be requested by contacting

  • Code of Conduct

  • Privacy Statement

  • Information Security Policy

  • IT Acceptable Use Policy

  • Safeguarding Policy

  • Disciplinary Policy

bottom of page