On 25th May 2018 it became a legal requirement under the GDPR (General Data Protection Regulation) for your counsellor/psychotherapist to make their data processing procedure clear to you. Most importantly the GDPR made it a legal requirement for you to actively opt in and consent to these arrangements and the handling of your data. I abide by the General Data Protection Regulation (GDPR) and I am the data controller and processor for Mind Health Movement. You can find out more about the GDPR from the ICO (Information Commissioner’s Office – https://ico.org.uk/ ) Under the GDPR the I (the practitioner) need to make clients aware of the following :
Reason for collecting Personal Data/Information
I collect relevant personal information from clients to enable a working record of contact information, in case of emergencies (explained below), and for the ongoing work in the therapeutic relationship.
Our sessions are strictly confidential, and the contents will not be disclosed beyond good practice guidelines. These guidelines dictate the following exceptions to the confidentiality rule:
- I am required by the National Counselling Society (NCS) and the Association for Counsellors and Therapists working Online (ACTO) to engage in regular supervision. You may be discussed during the supervision; however your identity will remain anonymous. Clinical supervision is in place to ensure that your counsellor/psychotherapist/supervisor is working ethically and safely, and to ensure that you receive the best practice. I abide by ACTO and the NCS Code of Ethics.
- Counsellors/psychotherapists are required to break confidentiality if they have reason to believe you are at risk of harm to yourself and/or to others. If at all possible they would always discuss a potential breach of confidentiality with you in advance. They would break confidentiality only to the relevant persons or authorities for the purpose of assisting your wellbeing or the safety of others. If at any point during the counselling you were in need of emergency, medical, or additional support, I may ask for your consent to contact your GP or other appropriate services. If at any point during the counselling you reveal intent to cause risk of harm to others all counsellors are then legally bound to make disclosure to authorities.
- Under the GDPR the counsellor/psychotherapist also has a legal requirement to disclose data if you are involved in drug money laundering, planning terrorist’s offences or if a Court Order has been made.
- With regard to online counselling via email, text/message, and webcam, the police and other authorities can ask for access to an individual’s email account or synchronous messaging account where there is suspicion of illegal or terrorist activities. They can also ask counsellors/psychotherapists for access to stored Counsellors/psychotherapists are not able to guarantee confidentiality in these circumstances.
How will my Counsellor/Psychotherapist store personal data and for how long?
• Personal data pertaining to our sessions and work together will be as minimal as is possible and will be stored electronically under a client ID, and password protected. Any personal data/records of our sessions will be kept for up to 7 years after our work together has ended. After that time your personal data will be disposed of by wiping the files and shredding any handwritten information. You can also request (in writing) that all data is destroyed once our work together ends.
• Your telephone number will be stored only for contact purposes, until such time as our contact ceases. Then it will be completely deleted.
Your rights under GDPR
You have the right to request access to your client record and receive an explanation of what is held within it. You have the right to request erasure or correction of your client record. You will be made aware of any data breaches within 72 hours. You will be compensated for any damage or distress caused by the data breach. You have the right to complain to the ICO (Information Commissioners Office) if you are unhappy with the data processing arrangements.
- I collect, store and process personal information about you to enable me to run my counselling/psychotherapy practice. This information can include contact information, as well as information about your age, health (mental and physical), sexuality (where relevant to the therapeutic work), domestic and financial arrangements (where relevant) and other special category data. I am able to collect this information upon the legal basis of “Legitimate Interests”, as per GDPR regulations.
- Your information is stored anonymously, under lock and key and/or password protected. I may use this information to track the progress of our work together or to receive reflection and guidance from my supervisor. I will keep this information for up to 7 years, at which point it will be deleted.
- With regards to how this information is used, you have the right to have information about you deleted, have inaccuracies corrected, the right to access information about you – free of charge – within 1 month, the right not to receive any unsolicited marketing, the right to determine how information about you is processed and the right to complain if you are unhappy about any of the above by contacting the Information Commissioners Office here: https://ico.org.uk/concerns/, although I trust that you will try to discuss this with me in the first instance.
- Should anything happen to me that prevents me from attending a session and from communicating with you directly – such as illness or death – then I have appointed a Therapeutic Executor who would be able to access your contact details to inform you should this situation arise.
Your signed consent of the Privacy Statement & Personal Information form will acknowledge that you fully understand and accept the policy for records held, and also gives your consent to use of personal and sensitive personal data for the stated purposes.