Data Protection

Health & Safety: Data Protection

General Data Protection Regulation (GDPR)

  • This protects personal information, including contact details and medical information. This information is usually gathered when completing record cards, consultations and appointments. It needs to be stored securely and not shared with anyone without a valid reason.

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s a game-changing data privacy law set out by the EU which came into force on May 25th, 2018.

The Data Protection Act 1984 states that all information taken from the client must remain private at all times and must not be disclosed to or discussed with anyone else apart from the client.

The Data Protection Act requires that client information be used by the therapist only and not given to anyone else without the client’s permission. Client information and any notes you keep must be kept securely in an area where no one else will have access to them, i.e. in a locked drawer or, if kept on a computer, in a password-protected area. Clients have the right to ask to see the personal data you hold on them.

Check & update the way you gain consent

For the purposes of GDPR compliance, consent means that you can use a person’s data only for the purposes that they have given you their express consent for. This also relates to any information that you’ve collected before GDPR came into play.

For example, if you collect a customer’s email address or telephone number when they book an appointment, you could claim that the lawful basis for collecting that data is that of ‘Legitimate Interest’ if you use it to send a confirmation or an appointment reminder. However, you can’t then simply decide to add that customer’s details to your marketing list so you can send them your latest special offers.

This is unlikely to be considered a legitimate interest, and would instead need you to gain the person’s express consent to use their data for that purpose. If you’re ever in doubt about which lawful basis to use when collecting data, consent is typically the best one to go for as it makes it absolutely clear that you have outright consent to use data for a specific purpose.

With that in mind, now is the time to look at the way you gather data and ensure that where you are using consent, you’re doing so in accordance with three rules:

  • That you’re obtaining the data fairly
  • That you’re gaining explicit consent to use the data given for a specific purpose
  • That you make it clear to the individual how they can withdraw their consent should they need to

Client Confidentiality

Confidentiality is an important part of the therapeutic relationship between a client and a therapist. Whilst carrying out a consultation it is important for you to stress that all personal information relating to the client will remain completely confidential, and that information will not be disclosed to a third party without the client’s written consent.

You can help maintain client confidentiality by:

  • Carrying out the consultation in private, or as privately as possible
  • Ensuring that all consultation and treatment records are stored in a secure place and never left lying around
  • Never discussing a client’s personal details or their treatment with another person