GDPR Compliance - What's Changed?
Whilst GDPR requires the maintenance and privacy of sensitive data - I consider it a necessity of professionalism, especially as our communication is based on trust.
Personal data includes: personal details, financial, educational, employment, lifestyle as well as visual imagery.
Sensitive data could include such details as racial or ethnic origin, religious persuasions, mental health, and political beliefs.
Data Protection technically falls neatly into four separate parts; which includes HOW I look after the data - which might include (based on the nature of my work) contact details and relevant notes. It is important that I can demonstrate where and why I have this data, when, where, and for how long. Data areas would include: account information, email communication and address, client records (notes), contact forms. Safe storage would include reliable electronic storage or lockable filing kept within a safe and secure location.
The second area within GDPR is 'What and Why' - the justification for holding this data rather than destroying it immediately. The first and most important reason within therapy services is that it was You (the client) that made the enquiry and in doing so, consent is given to contact you based on your request for me to do so.
In commencing therapy we will discuss your requirements and Contract. As a therapist I have no purpose for holding data for commercial purposes (unlike data analytical service providers).
Part three of my GDPR requires that I protect YOUR RIGHTS. It requires that I am open and transparent with you regarding what information I hold about you, and any intentions to use it and how I collated it, and for how long. Equally it is important that you are fully aware of your rights.
And finally that I am aware of my own obligations.
Free information regarding Obligations and Data protection can be checked here: https://ico.org.uk/
What the BACP say about Changes in GDPR.
'The changes introduced by the General Data Protection Regulation represent a shift in orientation towards the processing of personal data. Necessarily, this is a key task for Counsellors and counselling organisations. In broad terms, the changes operate firstly at the level of organisational policy and then at the level of practice. At the policy level, organisations need to establish appropriate policies, for example, by nominating a data protection lead, with overall responsibility for data protection.'