General Data Protection Regulations (GDPR)
The GDPR came into force on the 25th May 2018. As the Counsellor and Psychotherapist owner of Bethnal Green Counselling, I am required by law to inform, potential and new clients what data I keep, why I keep it, how I keep it and for how long, so as to gain informed consent from you before we start therapy.
I explain this below in terms of my business, Bethnal Green Counselling.
What data do I collect?
This will usually be name, telephone number, email address, which might include information about why you are contacting me.
The contact and personal details are stored on my phone or computer both of which are pass-code protected. Any letters or documents I receive are kept securely in a locked cabinet. If we decide not to start therapy, any personal or contact-information will be deleted. If we decide to work together, I will store clients’ contact details on my pass-code protected business phone with my own anonymised coding for each client. Any emails will be password protected and stored with encryption via my email provider. This is kept to enable me to contact you if I need to during the therapy. Once therapy is finished, I will delete all contact and personal details, once the final invoice is paid.
If we decide to start Counselling/Psychotherapy
What data is collected?
I will need to take information from you that will include: name, address, telephone number, email address, GP details and any medication.
Why is this collected?
To contact you in between sessions, to rearranging or cancel a session due to illness or other reasons. It would also be available to my 'trusted colleague' to contact you if anything happened to me, such that I couldn't contact you myself. Or, if agreed between us, to contact your GP on your behalf.
How is this data kept and for how long?
This data is stored in a locked cabinet separate from my clinical notes (see below) and will be kept for the duration of the therapy, and up to the final invoice being paid. If there is an outstanding invoice, the data will be kept until full payment is paid, at which point it will shredded.
Clinical notes - Intake and ongoing
Why create these notes
The intake notes are helpful as a way of 'setting the scene' for the therapy. The ongoing notes are helpful for reflection, as an aide-memoire, and for clinical supervision. In clinical supervision, the identity of the client is not disclosed,
How do you keep these notes?
These intake notes are usually kept in paper form, and the ongoing notes are encrypted y on a password protected document on a memory stick. The notes themselves are also anonymized with my own coding system. The memory stick and paper notes are kept locked in a locked cabinet separate to clients’ personal details.
How long are they kept?
These notes are kept for a period of 4 years after the therapy has finished, at which time they are either shredded or deleted.
Why are they kept this long?
This is to allow for any complaint that a client decides to pursue in relation to the therapy, with the notes possibly forming part of that process.
I raise a paper invoice for clients.
Payments that are made via BACS and therefore on my bank account statements, are kept securely in a locked cabinet for 6 years as required by law re the HMRC. I keep my own 'cash book' with the amounts paid, with my own coding system for who has paid.
Other aspects of GDPR
Accessing Data (Data Subject Request)
Clients will have the right to request a copy of the data held on them. Clients also have a right to ask for changes to be made of their data.
Third Party Requests of Data
No data that is held in relation to clients (present or past) will be passed on or give to any other person or organisation, including the police and solicitors (except if a subpoena is issued by a Judge) without the signed agreement of the client.
If there is a breach of data, myself and my trusted colleague would investigate the breach and who or why it happened. I wold also inform the ICO and look at what action needs to be taken to rectify it. If any clients are put at risk, I would inform them as soon as possible and explain the situation.
Please sign and date below if you are in agreement with the Privacy Notice above.