GDPR & What This Means For Complementary Therapists – Brighton Holistics Online

GDPR & What This Means For Complementary Therapists – Brighton Holistics Online – The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. This was introduced after concerns of misused data gathered by websites & businesses globally.

In effect, GDPR replaced the Data Protection Act of 1998. This means that everyone now has to comply with new Data Privacy regulations. It is important for all Complementary Therapists to be aware of these new regulations and what it could mean for their business going forward.

Personal Data

GDPR defines “Personal Data” as information which can be used to directly or indirectly identify and contact someone. Data such as contact information, age, location or IP Address all count as “Personal Data”.

Storing Information

It is important to consider what Personal Data you store when running your business. Do you hold contact details, or do you hold medical records and consultation forms too? By assessing what data you store, how you gather it and who you share it with – you can easily check whether you are breaching GDPR regulations by referring to the GDPR website (ico.org.uk).

Moreover, being aware of how you gather, and store data will give you an idea of how you could perhaps improve your methods in the future.

Privacy Notices

It is now essential for every business to have a Privacy Policy. Whether that be on your website or printed out and available to hand in your treatment room or reception – it protects a business from breaching GDPR regulations.

A Privacy Policy needs to explain, clearly – who you are (your business or trading name) and how you intend to use a person’s information (your clients, staff or contractors data). Your policy should clearly outline:

• How long you will hold a person’s data for
• How and when you will dispose of or delete their personal data
• That they have a right to access any of their personal information you hold
• That they have the right to complain to the ICO (GDPR website: org.uk) if they think you are mishandling their personal data

Request To Access Information

GDPR states that when someone requests to see their personal information – that it needs to be supplied within one month. You cannot charge for this service, as the person has the right to see their information.

Consent

GDPR states that a person must give their consent before you can gather and store their personal information. This consent must be given freely, through the process of “opting in”. Before, websites would automatically collect people’s data unless they “opted out”. This has now been changed so people have more control of who they give their data too.

Now is the time to review the data you are holding and whether it complies with GDPR regulations. Anyone who has interacted with your business (online or in person) over the past year will need to check that:

• Their personal information is up to date
• If they are happy to ‘opt in’ to receiving marketing emails / marketing materials
• How they would prefer to be contacted (email, phone, post etc)

For a clearer understanding of GDPR and what it means for your business, you can always refer to the GDPR website: ico.org.uk.