General Data Protection Regulation (GDPR)
What is GDPR?
GDPR stands for General Data Protection Regulation. It’s a game-changing data privacy law set out by the EU which came into force from May 25th, 2018.
The Data Protection Act 1984 – states all information taken from the client must remain at all times private and not disclosed or discussed with anyone else apart from the client.
The Data Protection Act requires client information be used by the therapist only and not given to anyone else without the client’s permission. Client information and any notes you keep must be secure in an area where no-one else will have access to them, i.e. in a locked drawer or password protected area if kept on a computer. Clients have the right to ask to see personal data you hold on them.
Check & update the way you gain consent
For the purposes of GDPR compliance, consent means that you can use a person’s data only for the purposes that they have given you their express consent for. This also relates to any information that you’ve collected before GDPR came into play.
For example, if you collect a customer’s email address or telephone number when they book an appointment, you could claim that the lawful basis for collecting that data is that of ‘Legitimate Interest’ if you use it to send a confirmation or an appointment reminder. However, you can’t then simply decide to add that customer’s details to your marketing list so you can send them your latest special offers.
This is unlikely to be considered a legitimate interest, and would instead need you to gain the person’s express consent to use their data for that purpose. If you’re ever in doubt about which lawful basis to use when collecting data, consent is typically the best one to go for as it makes it absolutely clear that you have outright consent to use data for a specific purpose.
With that in mind, now is the time to look at the way you gather data and ensure that where you are using consent, you’re doing so in accordance with three rules:
Client Confidentiality
Confidentiality is an important part of the therapeutic relationship between a client and a therapist. Whilst carrying out a consultation it is important for you to stress that all personal information relating to the client will remain completely confidential, and that information will not disclosed to a third party without the client’s written consent.
You can help maintain client confidentiality by: