General Data Protection Regulations, 2018 (GDPR) and how it affects me.
This legislation is to ensure that personal, sometimes sensitive, confidential data is held privately and securely, being processed in the way that you have agreed to. It protects your rights as a consumer involving your identifiable data e.g. your name and address and any reason you might have for attending personally or virtually. It also covers any session records, physical or electronic communications between us.
How long will you hold my information for?
Data is archived after 1 year from the last communication (session). I hold this archive for 7 years in line with accepted standards. Any records for individuals under 18 at the last session will be held until they reach their 26th Birthday. After this time, the data will be electronically shredded.
Can I ask for my information to be deleted before this date?
GDPR allows you to request deletion of any data specifically related to your therapeutic work with us, by making a request in writing. Any electronic data such as sessional notes, recordings, emails, or text messages would be permanently deleted. I will keep the written request as a paper record securely for 2 years.
Requesting copies of information, I hold related to you.
Written requests for information are actioned upon request. These requests are processed and passed to my indemnity insurers. Within the regulations these will be assembled and forwarded to you within the current required timescales.
Why do you need a record of this information?
In order to give you the highest quality support I can, I collect information about: what you want to achieve by coming for counselling, a small amount of medical information and some information about your important others, alongside brief session notes and recordings. This information allows me to refer to information about previous discussions and the content of earlier sessions. Your contact details/address and GP's details will only be used with your explicit consent.
How do I know that my information will be held securely?
Paper session notes – I do not hold physical notes or records.
Text messages - my work phone is secured with passcode and or fingerprint recognition or on a secure folder with a second level of encryption and security access.
Emails - my email account requires a username and password.
Do our discussions during the sessions remain confidential?
Everything we discuss during our sessions remains strictly confidential between you and me. On occasion I may need to discuss elements of our session with my clinical supervisor to ensure I am doing my job effectively. During these discussions I will not disclose any identifying details about you to my supervisor. My supervisor also adheres to the GDPR.
What if I see you away from a counselling session?
I am obliged by GDPR to protect your confidentiality, so for this reason, although I may acknowledge you, it would be better to avoid any further conversation. However, if you wish to discuss your therapy with other people, you are welcome to do so.
Will you discuss me with other health and social care professionals?
I am only able to contact other health and social care professionals with your written consent.
Should I need to write to your GP, this would be to act as an addendum to their medical records or to notify them that you have come for psychotherapeutic treatment. I would write again at the end of the therapeutic relationship completing the advisory cycle. I would require your signature in line with GDPR requirements.
The only exceptions to this would be if I believed that you were about to harm yourself or another, then I would be required to inform the relevant authorities as part of my duty of care. However, I would always aim to discuss this with you before taking any action. Legally, I would also have to provide the police with information as set out in a warrant or court order, should the situation arise.