GDPR Frequently Asked Questions
What is the General Data Protection Regulation, 2018 (GDPR), and how does it affect me?
The GDPR has replaced the 1998 Data Protection Act to ensure your sensitive, personal, and confidential data is held securely, kept private, and processed only in the way you have agreed to. GDPR protects your rights as a service or product consumer and your identifiable data, including your name, address, and specific condition. It also covers all the text messages, emails, and session records that we exchange.
How long will you hold my information for?
All therapists regulated by the CNHC must keep client data for eight years after the final session. If you are a child, I must hold your data until your 25th birthday. If you are 17 when treatment ends, I must keep it until your 26th birthday.
What if I don’t want my records to be held for that long?
As per GDPR guidelines, clients can make a written request if they want their records to be deleted. If you choose this option, all your paper records will be shredded, and any electronic data, such as text messages and emails, will be permanently deleted from the devices they are stored on. However, I will have to save your written request for deletion.
What information do you collect, and why do you need to record this information?
I collect the medical details of my clients, some basic information about the important people in their lives, and brief session notes. This information helps me provide a quality service to my clients and ensures that I know what was covered in our previous discussions before each new one. I also collect my clients’ personal details, such as their name, address, contact number, and email address. This information is used for appointment scheduling, rescheduling, and reminders. These details, together with your doctor’s details, will only be used with your formal consent.
What efforts are made to keep my information secure?
All hard-copy documents are stored in a locked cabinet in a locked room. All text messages are safe, as my mobile phone is secured with a PIN code. All emails are secure, as my email account is protected with a username and password. All electronic documents are stored on a password-protected computer.
Are our discussions confidential?
Everything we discuss during our sessions is strictly confidential. In some instances, to ensure that I am doing my job effectively, I may discuss critical points of our sessions with my supervisor. However, I do not disclose any details that may reveal my clients’ identities.
There are a few exceptions to GDPR guidelines. For instance, if my client discloses that they are going to harm themselves or someone else, I am obligated by law to inform the relevant authorities to protect my client and the people around them.
Similarly, if I receive a court order or police warrant for your information, I would have to provide them with your information by law.