What is the General Data Protection Regulations 2018 (GDPR) and how does it affect me? The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely and that it is processed in the way that you have agreed to. It protects your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange.
How long will you hold my information for? I will keep client records for 6 years as my insurers Towergate advise, that in the event of a claim, the Statute of Limitations would apply. This is a law prescribing a period of limitation for the bringing of actions of certain kinds and lasts for up to 6 years. After this time, I will destroy your paper records by shredding. I will also delete electronic copies of your information and correspondence after one month of us ending counselling.
What if I don’t want my records to be held for that long? Under the GDPR you can make a request in writing to me, for all your records to be deleted. In this case all your paper records would be shredded and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save the request for deletion you made but would not save any other data. My insurance company may want to verify the information I process.
Why do you need to record this information? During our sessions together, I will gather a small amount of medical information and a small amount of information about your important others, alongside brief session notes and contact details. This helps me to provide you with a high-quality service and ensures I am equipped with the knowledge relating to our previous discussions as well as supporting me during clinical supervision. Your contact details will only be used with your explicit consent. However, I may contact your GP if I believe you are at significant risk of harm but I will endeavour to gain your consent first. Please see the Consent Form I will provide at our first meeting.
What steps are taken to ensure my information is held securely? Hardcopy documents are all stored in a locked cabinet behind a locked door. Emails – my email account requires a username and password. Text messages – my work phone is protected by a secure pin number to access the locked screen. Email attachments – any attachments sent by email to you containing your personal information would be password protected and the password would be sent to you via text message.