Privacy notice for clients - Elizabeth Sach - ICO Registration number ZA341935
The GDPR came into force as a legal requirement from 25th May 2018. It updates rights for a networked world and sets out the purpose and legal basis for processing client personal data.
Elizabeth Sach (the counsellor) is the Data Controller for ‘es counselling’ and is registered with the ICO.
Article 5(2) of the GDPR requires that:
“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
In order to comply with this responsibility the data controller will ensure that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to clients.
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d) accurate and kept up to date.
e) kept in a form which permits identification of data subjects for no longer than is necessary.
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
What does this mean in practice?
In accordance with the ethical principles set down in the BACP Ethical Code and the requirements of the GDPR (2018):
All sessions will be confidential to the counsellor and the clients and the counsellor will not divulge the contents to anyone else without the clients’ written permission. If one client attends alone then the contents of that session will be confidential to the counsellor and the individual client and will not be divulged to anyone else including the other client without the individual client’s permission.
The counsellor will make brief process notes which are available to the clients to inspect, subject to paragraph 1 above. She will also make her own counselling notes which are confidential to the counsellor. This is to ensure accuracy and continuity.
The counsellor will discuss cases with her supervisor and at case supervision groups. The counsellor undertakes to discuss the clients’ cases in such a way that they are not identifiable. All colleagues are bound by confidentiality in the same way as the counsellor.
All records will be stored securely and in line with good practice. They will be retained for seven years after the end of the service and then securely destroyed unless otherwise specified.
Safeguarding: if clients (jointly or separately) disclose information which the counsellor believes places themselves or another person, especially a child, at risk of serious harm then the counsellor may at, her discretion, break confidentiality to protect the third person. This would be discussed with clients first.
Legal requirement for disclosure: this would apply if clients disclosed illegal activity associated with terrorism, drug or money laundering or via a court order for disclosure.
Under the GDPR clients have the right to:
access a copy and explanation of their personal data
request a correction or erasure, in certain circumstances
request limiting or ceasing data processing, where applicable
compensation for substantial damage or distress caused by data processing, where applicable
The ICO website has further details about these rights, accessible at https://ico.org.uk Clients have the right to complain to the ICO if they believe there is a problem with the way their data has been handled.