GDPR states that personal data must be:
Collected purely for specific and clearly stated legitimate purposes
Sufficient for purpose and limited to what is necessary for it's purpose
That is accurate and up todate
Is stored for a period of time necessary, and no longer
Processed and stored in a manner that ensures appropriate security of the personal data.
Further information regarding GDPR can be sourced at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
The term personal data applies to any identifiable information which is kept by me on tmy service users.
Online Counselling Clients
1. Your personal data will be kept securely on paper in a locked cabinet and destroyed once our work ends.
2. Any material relating to your contact details will be stored separately to any notes kept for each time you have a counselling appointment/exchange. This helps to ensure anonymity for clients .
3. All paper records will be deleted after a period of 5 years
4. After you have ended your counselling details of email contact will be deleted from the counsellor's mail account
5. Where client material is taken to a supervision meeting (Ethical Requirement), the counsellor will not share any personal data or session material with the supervisor which would in any way identify a client. The purpose of supervision is to monitor Ethical practice of the counsellor and although clients issues may be discussed, this is presented in a general manner, and not necessarily specific to a client.
In respect of confidentiality of client work, the counsellor will not break confidentiality or pass on any identifying material of a client unless there is immediate risk of harm to a client, and the risk cannot be safely resolved by the counsellor and client. Wherever possible the client will be informed if it becomes evident that confidentiality cannot be maintained. Exceptions to this are acts of terrorism and other UK legal requirements for breaking of client confidentiality within counselling relationships.
Under GDPR, clients and other service users have the right to ask for copies of any personal data stored and also to ask for this data to be deleted. For legal and ethical reasons I am required to keep limited client data for a period of five years. Copies of any data can be provided upon request.