On 25 May 2018, the GDPR (General Data Protection Regulation) will replace and upgrade the existing Data Protection Act 1998 in the UK.
GDPR provides increased protection for all personal data relating to a living, recognisable individual. It is designed to encourage privacy so the process of capturing and using data (such as names, addresses and telephone numbers) must comply with GDPR from the very start.
GDPR aims to give people more control over their personal data and to simplify administration for international businesses with a process which applies across the European Union. The UK Government has already confirmed that Brexit will not affect the adoption of GDPR and that, post-Brexit, the UK’s own law (or a newly-proposed Data Protection Act) will directly mirror the GDPR.
GDPR applies to ‘personal data’, meaning any information relating to a person who can be directly or indirectly identified by an ‘identifier’. There is a wide range of ‘identifiers’ including name, address, identification number, location or even an online code, depending on how difficult it is to attribute the code to a particular individual. The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible.
I will make every effort possible to comply with the principles of the EU General Data Protection Regulation.
The six principles are:
Lawful, fair and transparent
Data collection must be fair and for a legal purpose. I must be open and transparent as to how the data will be used.
Limited for its purpose
Data can only be collected for a specific purpose.
Any data collected must be necessary and not excessive for its purpose.
The data we hold must be accurate and kept up to date.
I cannot store data longer than necessary.
Integrity and confidentiality
The data I hold must be kept safe and secure.
To comply with the above:
You are made aware, in our first and last session, of any personal information I hold about you, i.e. name, phone number and email address, and notes taken during our sessions.
I only keep your details for two years following your last appointment with me.
I will keep all notes made during our sessions in a safe, secure place.
I will not pass any details on to anyone else at all.
If I produce any promotional material, you will be invited to opt in to hear from me in the future.
I will meet any access requests for information within a one-month timeframe. Under the GDPR, people have the right to a) access all their personal data, b) rectify any inaccuracies, c) object to processing in certain circumstances or d) completely erase all their personal data. Each request carries a timeframe and deadline of one month.
If you have any further questions about GDPR or your personal data, please contact me on 07757710616.