background image
14th November 2018 
Labyrinth

Complying with the new General Data Protection Regulation (GDPR)

As a therapist, I recognise my responsibility to handle all personal data confidentially and securely.

I outline my data handling process here so that you are aware of what happens to your data when you contact me.

1. I do not keep emails from you for longer than one month from the date they were sent within my email inbox. I may, if the content of the email is relevant to your ongoing contact with me, copy the content into my secure online data storage platform (see below).
2. I ask you, at initial contact, to complete an online survey, giving me basic personal information about you - name/address/contact details/name of GP/details of any medication you are taking. This is to enable me to have relevant contact details/medical information should I need to contact either yourself between appointments, or a third party in an emergency. Once you complete this survey (www.smartsurvey.co.uk) I download a PDF of your information and upload that PDF direct to my secure online data storage platform. The survey results are then deleted from the SmartSurvey platform.
3. All personal information is kept on a secure online platform (bac-pac.co.uk) . This platform complies with the GDPR requirements for safe storage of personal, sensitive information. This is the information from their parent company, Mayden:

"Mayden, the company behind bacpac has over a decade of experience
handling confidential patient data. We have reviewed our procedures and
policies in the light of the GDPR and the necessary steps to comply with
the new measures.
Mayden is ISO 27001:2013 accredited. This internationally recognised
information security management standard ensures that a business has
stringent processes in place to ensure data confidentiality and to identify,
manage and reduce risks to information security. "

4. I keep notes about you after each session. These are brief, factual notes and do not contain personal opinions/diagnoses/hypotheses. Notes are kept for up to six years after the end of your contact with me. At the end of that period, your notes and all personal information associated with our contact is securely deleted by Mayden.
5. You may request a copy of your notes at any time. Please make such requests in writing. If there is any information about a third party in your notes (eg name of family members) this information will be removed before notes are handed to you.
6. Please help me to keep your data up-do-date and accurate. If you move, or change your phone number, let me know so that I can update your records.
7. I never share any of your personal stored information with anyone else. I do have clinical supervision where I discuss cases and get feedback on my work, but information revealed here is limited to first names only and my supervisor adheres to strict confidentiality .