General Data Protection Regulations- GDPR 

GDPR and Counselling and Therapy

Under the GDPR all persons are entitled to know:
a) who will control/process their information- who will be the Data Controller and the Data Processor;
b) the ‘Lawful basis’ under which their data is collected/used;
c) what data will be processed;
d) how data will be held;
e) what rights they have in relation to data held;
f) how to make a complaint to the ICO.

Executive Counselling will be the ‘Data Controller’ and ‘Data Processor’ The Data Protection Officer (DPO) can be contacted on enquiries@executivecounselling.co.uk
 
The new GDPR requires that any processing of an individual’s data must be undertaken on a ‘Lawful basis’ Practitioners in counselling and psychotherapy professions who are members of the BACP are required under the BACP’s Ethical Framework to:
‘keep accurate records that are adequate, relevant and limited to what is necessary for the type of service being provided and comply with the applicable data protection requirements. (BACP 2018: Good Practice, point 15)’. Please be aware that due to the nature of the contracted services there is a likelihood that there will be a requirement for ‘special categories of personal data’ to be recorded such as health issues/conditions/diagnosis, gender, sexuality, religious beliefs. 

Counsellors are also required to provide clients with the relevant information and enter into an agreement or contract with them about the terms on which the service will be provided.

As such the ‘Lawful basis’ for processing client’s data will be in the delivery of a ‘contract for services’ or ‘legitimate interest’ where counselling is provided via a third-party organisation.

Executive Counselling will process your data in the following ways:

1. The completion of a screening and assessment form.
2. The review and signing of a contract for services.
3. Referral from a third-party organisation (the data controller will be the referring organisation).
4. Client notes completed after each counselling appointment.
5. Letters to other professionals requested by the data subject.
6. Sharing of data with third parties where a ‘risk of harm’ has been identified.

The protection of your data

We have a requirement to maintain any records according to GDPR standards. We will be processing your data by electronic means via telephone contacts, calls, text messages and by utilising the devices appointment calendars. For these purposes your information will be kept in a password protected device only accessible by your counsellor.

We will maintain other records manually in a logical and structured filing system. Your screening and assessment document will be separated from appointment notes and these will be anonymised by the application of a client number. 

Your information will be retained for a period of no longer than seven years. You may request access to the information held and copies will be provided to you within 14 days of your request, this is called a ‘Subject Access Request’.

You have the right to request the rectification of any information held and also the right to request erasure of personal data once the seven-year period has been reached. Please note if your counsellor is not the ‘data controller’ then you will be advised of the referring agency’s details.

Please be aware that due to the nature of the work undertaken records from sessional appointments are not transferable to other persons/organisations.

Should you be unhappy at any time in relation to the way in which your data is being processed you can complain to the Information Commissioner’s Office
https://ico.org.uk/                 Telephone: 0303 123 1113.

GDPR and Executive  Business Consultancy Services

Under the GDPR all persons are entitled to know:
a) who will control/process their information- who will be the Data Controller and the Data Processor;
b) the ‘Lawful basis’ under which their data is collected/used;
c) what data will be processed;
d) how data will be held;
e) what rights they have in relation to data held;
f) how to make a complaint to the ICO.

Executive Consultancy Services will be the ‘Data Controller’ and ‘Data Processor’ The Data Protection Officer (DPO) can be contacted on enquiries@executivecounselling.co.uk
 
The new GDPR requires that any processing of an individual’s data must be undertaken on a ‘Lawful basis’ 

As such the ‘Lawful basis’ for processing client’s data will be in the delivery of a ‘contract for services’ or ‘legitimate interest’ 

Executive consultancy will process your data in the following ways:

1. In the development of a contract for services 

2. In undertaking any work that involves processing data as part of delivering on a contract for services

The protection of your data

We have a requirement to maintain any records according to GDPR standards. We will be processing your data by electronic means via telephone contacts, calls, text messages and by utilising the devices appointment calendars. For these purposes your information will be kept in a password protected device only accessible by the owner of the device.

We will maintain other records electronically 

Your information will be retained for a period of no longer than seven years. You may request access to the information held and copies will be provided to you within 14 days of your request, this is called a ‘Subject Access Request’.

You have the right to request the rectification of any information held and also the right to request erasure of personal data once the seven-year period has been reached. Please note if your counsellor is not the ‘data controller’ then you will be advised of the referring agency’s details.

Please be aware that due to the nature of the work undertaken records from sessional appointments are not transferable to other persons/organisations.

Should you be unhappy at any time in relation to the way in which your data is being processed you can complain to the Information Commissioner’s Office
https://ico.org.uk/                 Telephone: 0303 123 1113.