GDPR For Therapists: What You Need To Know

The introduction of GDPR has had a significant impact on data protection and how it is managed across all businesses within the UK. But what does it mean and is there more to it than just opting in or out? We take a look at what it means in terms of data protection for therapists.

What is GDPR?

GDPR, or the General Data Protection Regulation, is an EU regulation that was introduced in May 2018 to replace the existing Data Protection Act. The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person, and was put in place to ensure that personal data is collected, processed and stored appropriately.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU or supplying services or goods within the EU. Those collecting data now have a greater responsibility to manage this information securely and fairly.

What does GDPR for Therapists mean?

The GDPR sets out the key responsibilities that anyone holding personal data for individuals must adhere to, ensuring that personal data is:

1. Processed lawfully and fairly and in a transparent manner – So when you collect data from a client, you must do so by, for example, asking them to complete a form, and be clear with them that you will be storing their details.

2. Collected for specific and legitimate purposes – As a therapist, you have a responsibility to be clear about how a client’s data will be used, ensuring that the purpose is genuine.

3. Limited to what is necessary for the purpose specified – so you can’t tell a client that you are collecting their data to let them know if their appointment time changes and then bombard them with newsletters and special offers.

4. Only held for as long as is necessary for the purpose – If you have told a client that their data is to be held in relation to a specific treatment that you provide and they have agreed to this, you can’t continue to hold their data if you stop offering that treatment.

5. Processed in a manner that ensures security is maintained, preventing loss of data – when you hold someone’s personal data you must take all precautions to ensure that their data cannot be stolen. So, for example, if clients’ data is stored on your laptop, you must ensure that your laptop has a password to be able to access it and that it is stored securely.

What do you need to do to comply?

– Ensure that on the form that you use to collect clients’ data, or in contracts (if this applies), you are clear about why their data is being collected and stored, and give clients a clear choice to opt in/opt out.

– You must also make it easy for clients to remove their personal data at any time, so you should have a standard statement on all correspondence with clients indicating that if they want to stop receiving information from you they can opt out. The process of opting out should be very clear and straightforward.

– Have a procedure in place for collecting, storing, managing and destroying any personal data to demonstrate that you are following the correct process.

What happens if you don’t comply?

There were penalties in place with the previous Data Protection Act if you did not comply. With the new regulation there are still penalties in place, but these are now higher.

So, although it seems like a complex area, GDPR simply provides more protection for individuals and their personal data. It is important to take the regulation seriously and ensure that you have the correct processes in place as penalties can be high if you are found not to be complying.
