
Privacy policy
What is GDPR and how does it affect me?
The General Data Protection Regulation (GDPR) of 2018 replaces the 1998 Data Protection Act. It ensures your personal and sensitive data is kept private, secure, and processed according to your consent. It protects your rights as a consumer when sharing identifiable data, such as your name, address, or health condition, including session records and communications like texts and emails.
How long will my information be stored?
I am regulated by BACP and the business is insured by Oxygen. I am required to keep your data for 10 years after your final session. Data will be deleted in the January after these retention periods.
Can I request my records to be deleted?
Under GDPR, you can request in writing that your records be deleted. Paper records will be shredded, and electronic data will be permanently erased. A deletion request will be retained, but no other data will be kept.
Why do you need this information?
I collect details about your treatment, basic medical info and session notes to provide effective therapy. Contact details are only used with your consent. Third-party services may collect anonymous data about website visitors.
How is my information kept secure?
Paper records are stored in a locked cabinet.
Digital records are encrypted and password-protected on secure cloud servers.
Work phones and emails are secured with PINs and passwords.
Any email attachments containing personal data are password-protected, with the password sent separately.
Is what we discuss kept confidential?
All sessions are confidential. I may discuss your sessions with a supervisor, but no identifying details are shared. Supervisors also adhere to GDPR standards.
To maintain confidentiality, I will not engage in conversation if I see you outside of our sessions. You are free to discuss your therapy with others, but I am obligated to protect your privacy under GDPR.
What about other health professionals?
Any communication with other healthcare providers will only occur with your signed consent. For example, if I contact your GP, I will ask for your permission first.
Exceptions:
If you disclose a risk of harm to yourself or others, I may need to inform relevant authorities. Additionally, confidentiality may be limited by legal requirements in England, including matters related to drug trafficking, terrorism, and money laundering.