The General Data Protection Act (GDPR) which came into force in May 2018, changed the rules about the collection and holding of personal data. As a result, I am now required to obtain your consent in order to keep personal information about you. This information is necessary for me to be able to provide you with therapeutic services.
What are the new rules?
GDPR 2018 states that:
- I can hold information on you only with your explicit consent
- I can only use it for the reasons you have consented to
- I can only share it if required to do so for legal reasons
- The information must always be up to date and accurate
- Your data must be kept securely and will be safely destroyed as soon as it is no longer needed.
What data is kept and why?
Your name, date of birth, address, telephone and email details. Your GP’s name and contact details, as well information about medication you may take. The name and telephone number of an emergency contact for you. I also keep basic notes about our sessions.
What is the data used for?
To be able to contact you and maintain records of your therapeutic process. Information about your next of kin and GP, is to ensure safeguarding is guaranteed where necessary.
Where is the data stored?
Session notes are kept as paper files in a locked filing cabinet. There is no identifying information kept with these notes. Personal data which is stored electronically is encrypted and password protected. Emails are deleted as soon as they are no longer needed.
Is the data shared with anyone?
Only in very specific situations (as set out in your Client Contract).
How long is the data kept for?
Your personal data is only kept as long as necessary. It is needed for as long as you continue to receive therapeutic services from me. When our work together is completed, after a short period of time all paper files will be shredded and electronic data deleted.
What are your Rights?
You have the right to:
- See any of the personal data I hold.
- Ask me to amend any data that is inaccurate.
- Ask that I delete your personal data at any time.
- Refuse the processing of your data.
- File a complaint with the Information Commissioners Office.
Data Protection Concerns
If you have any concerns about how I have handled your data, you can complain to the Information Commissioners Office https://ico.org.uk/your-data-matters/.
My ICO registration reference is: ZA352101