What is the General Data Protection Regulations 2018 (GDPR) and how does it affect me?
GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely and that it is processed in the way that you have agreed to. It protects your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange.
What information are you recording and why?
During our sessions, I will gather a short personal history and a small amount of medical information, alongside brief session notes and contact details. Your contact details will only be used with your explicit consent. I may contact your GP if I believe you are at significant risk of harm, but I will endeavour to gain your consent first.
What steps are taken to ensure my information is held securely?
Hardcopy documents are all stored in a locked cabinet.
Emails – my email account requires a username and password.
Text messages – my work phone is protected by a secure PIN, which is needed to unlock the screen.
How long will you hold my information for?
I will keep client records for 6 years. After this time I will destroy paper records by shredding. I will delete electronic copies of your information and correspondence one month after we end counselling.
What if I don’t want my records to be held for that long?
Under GDPR you can request in writing that your records be deleted. In this case your paper records would be shredded and any electronic data would be deleted. I would have to save the request for deletion you made, but would not save any other data. My insurance company may want to verify the information I process.