I abide by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and am the registered data controller and processor for Mindfulness Therapies. You can find out more about the GDPR and the UK 2018 Data Protection Act from the ICO (Information Commissioner’s Office - https://ico.org.uk). The key issues are outlined below.
Under the GDPR the practitioner needs to make clients and supervisees aware of the following:
1. The reason for collecting Personal Data/Information
I collect relevant personal information from clients and supervisees to enable a working record of contact information, in case of emergencies (explained below) and for the ongoing work in the therapeutic or supervisory relationship.
2. Confidentiality – Will my Psychotherapist or Supervisor share my Data?
I adhere to the ethical guidelines of my professional registration body, the Nursing and Midwifery Council (NMC) and my psychotherapy accrediting body, the British Association for Behavioural and Cognitive Psychotherapy (BABCP) and provide confidentiality within these guidelines.
The information you share in your sessions will not be shared with anyone else. However, there are some rare exceptions which may ethically and/or legally require information to be shared, as follows:
a. I share information with my clinical supervisor in clinical supervision, as per good practice. However, I do not identify my clients in supervision.
b. I may need to share my concerns with other professionals, such as your general practitioner, if I assess there to be a risk of harm to yourself or others. I will attempt to discuss this with you in the first instance.
c. I have a legal obligation to share information with appropriate authorities if you report criminal activities relating to terrorism, money laundering, or abuse of children or vulnerable adults. I can also be legally obliged to share information if I am presented with a court order to do so.
d. Police are able to make an access request to any records, texts, and emails if they suspect illegal activities. I am not able to guarantee confidentiality under such circumstances.
3. How will my Psychotherapist or Supervisor store personal data and for how long?
Personal contact details and session notes will be stored using a password protected and encrypted record keeping system. Any handwritten information will be coded and stored under lock and key. Personal data/records of our sessions will be kept after our work together has ended for only as long as it is required. Your personal data will be disposed of by wiping the electronic files and shredding any handwritten information. You can also request (in writing) that this data is destroyed : during our contact, once our work together ends, or at any time thereafter.
4. Your rights under GDPR
You have the right to request access to your client record and receive an explanation of what is held within it.
You have the right to withdraw consent, to request erasure or correction of your client record, to request portability where it applies in law, and to object to or restrict collection and processing of your data.
You have the right to know the source/s of personal data not originating from yourself, and the right to not receive unsolicited marketing.
You have the right to be made aware of any companies automatic decision making processes (e.g, profiling) and any significance and consequence for yourself.
You will be made aware of any data breaches within 72 hours. You will be compensated for any damage or distress caused by the data breach.
You have the right to complain to the ICO (Information Commissioners Office) if you are unhappy with the data processing arrangements, and to engage representation from a not-for-profit body in doing so.
To summarise :
I collect, store and process personal information about you to enable me to run my psychotherapy practice. This information can include contact information, as well as information about your age, health (mental and physical), sexuality (where relevant to the therapeutic work), domestic and financial arrangements (where relevant) and other special category data. I am able to collect this information upon the legal basis of "Legitimate Interests", as per GDPR regulations.
Your information is stored using password and encryption protected clinical note-keeping software. I may use this information to track the progress of our work together or to receive reflection and guidance from my supervisor. I will keep this information for only as long as it is required. When deleted it will be by wiping electronic files and shredding any handwritten information.
With regards to how this information is used, you have the right to have information about you deleted, have inaccuracies corrected, the right to access information about you - free of charge - within 1 month, the right not to receive any unsolicited marketing, the right to determine how information about you is processed and the right to complain if you are unhappy about any of the above by contacting the Information Commissioners Office here: although I trust that you will try to discuss this with me in the first instance.
Should anything happen to me that prevents me from attending a session and from communicating with you directly - such as illness or death - then I have appointed a Therapeutic Executor who is a UKCP registered clinical psychologist and observes both their Ethical Framework and existing Data Protection laws. The Therapeutic Executor would be able to access your contact details and inform you should this situation arise.
Your signed consent of the Privacy Statement & Personal Information form will acknowledge that you fully understand and accept the policy for records held, and also gives your consent to use of personal and sensitive personal data for the stated purposes.
Any working contract shall be construed and governed in all respects in accordance with the laws of England and Wales and any dispute or differences in relation to this agreement shall be subject to the exclusive jurisdiction of the English Courts.
Mindfulness Therapies 2020