What is GDPR and how does it affect me?
The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g., your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange.
I am committed to complying with the terms of the GDPR and to the responsible and secure use of your data. I am also registered with the Information Commissioner’s Office (ICO), reference: C1385078.
How long will you hold my information for?
I am regulated by the BACP and insured by Marsh Ltd. Their requirements are that I must hold your data for 6 years after your final session, unless you are a child, in which case I must hold your data until your 25th birthday, or, if you are 17 when treatment ends, until your 26th birthday. All records will therefore be deleted in the January after the applicable retention period above has passed.
Personal data rights
If you would like to see the information I hold about you, or would like to correct, update or delete any records, please email me at: If you have any concerns about my use of your data, please contact me directly at the same email address. I will do my utmost to resolve any concerns you have. If, for any reason, I cannot resolve the issues, you may choose to contact the ICO directly.
What if I don’t want our records to be held for that long?
Under the GDPR, you can make a request to me in writing for all your records to be deleted, and I would refer this request to my insurer for their approval. Once this is given, all your paper records would be shredded and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save the request for deletion you made but would not save any other data. In some circumstances my insurance company’s legal team may want to verify information I send out.
Why do you need to record this information?
I collect information about why you are using the service, a small amount of medical information and a small amount of information about your important others, alongside brief session notes. This information enables me to provide a high-quality service to you, ensuring I am equipped with the knowledge of our previous discussions prior to each session. Your data will only be used to provide you with my services, and I will not share your details with any other person or organisation without your knowledge and permission unless there is a legal requirement as stated in the counselling contract.
What steps are taken to ensure your information is held securely?
I will take all reasonable precautions to prevent the loss, misuse, or alteration of information you give me.
Hard-copy documents – All are stored in a locked cabinet in a locked room/building.
Text messages – My phone is secured with a PIN code.
Emails – My email account requires a username and password.
Laptop – My laptop is password protected and has the latest anti-virus software installed. I also keep up with the latest software updates.
Is what we discuss kept confidential?
Everything we talk about during our sessions is strictly confidential between you and me. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of our sessions with my supervisor. During these discussions I do not disclose any details that may identify you to my supervisor, and my supervisor also adheres to the GDPR.