The GDPR seeks to protect your privacy in respect of data held on you – particularly sensitive data.
In accordance with guidance from my governing bodies (BACP & UKCP) and my insurers, here is some information about the client data I collect, how it is stored, and for how long it is kept. I have thought carefully about my clients' privacy, and I handle all data with transparency, respect and care.
What information do I keep?
I keep the name, date of birth, contact information and GP details of all my clients. This is in case I need to contact them or their healthcare provider in the event of an emergency. I write brief session notes, but file names are coded and clients are not identifiable. My notes are kept entirely separate from any contact details. All data is stored electronically (encrypted and password protected). Paper documents are scanned and password protected, and the originals are then shredded.
Who else can access this data?
My supervisor has the password to my contact details file, and will access it to contact my existing clients in the event of my being unable to attend sessions due to illness or death. No one other than me has access to my session notes.
How long do I keep client data?
Six months after work is finished with a client, I erase all contact details, including all our online correspondence. I keep my session notes for seven years and then erase them. If you wish to withdraw consent to me keeping this data at any point, please email me.
Any request or enquiry regarding data control and processing should be sent by email. In accordance with GDPR, I will respond to requests within 30 days.