GDPR made easy for Counsellors:

GDPR made easy for counsellors Part 1

Information management ICO.

Changes are coming to the world of data protection. I trust you all have May 25th 2018 in your diaries? If you’ve not yet heard of GDPR its general data protection regulations and will be a change and enhancement to existing data protection.

Have you been reading the excellent guidance currently being provided by the Information Commissioner’s Office ICO and just thought its utter gobble de gook to you? https://ico.org.uk/

We’re grown adults, we’re qualified professionals, we can read so we should be able do this, but sometimes you just need someone to explain it in language you understand.

I’m writing this short blogg series as a fellow counsellor whose unrelated day job means I deal with all sorts of official sensitive data and the data protection act makes perfect sense to me. (Yes I know, perhaps I should get our more)

So let’s start with 5 ICO questions, see how you get on.

Question 1         Are you already registered with the ICO?

Some of you will be aware that if you collect /store or proess personal data by electronic means you need to register your business with them. Fee £35 a year. To concentrate the mind it’s a criminal offence not to, with £500 fine.  

UPDATE  1st March.  New fees agreed by parliament. From 25th May new fees will be £40  and it will be called a data protection fee. Which is really unhelpful for those already confused by ICO and data protection. New fees will apply from your next renewal.  so think carefully about when you decided to register if your not already registered. BIG HINT  register before the 25th may.

Don’t forget if you collect personal data by an original email document/form and then print it to store securely. Your storage is non electronic but your collection is electronic so you need to register.

Question 2         You think ICO only applies to big organisations.

This may be a wake up call. Data protection is data protection regardless. If you hold peoples personal data you need to make sure you are protecting it.

Question 3          You’ve paid your £35 so think you’re fine.

So hands up who has ticked the boxes on the ICO website, paid their £35 fee and think they fully comply with ICO?

You may want to re-think that. ICO is about information management, so that’s about what information we hold and the important bit what on earth we plan to do with it. If you didn’t think about processes to manage your information you’ll not be complying with ICO.

Question 4          You’re registered with ICO and assume you will comply with GDPR.

You’re definitely ahead of the game, but you still have to make adjustments to meet the new requirements of GDPR. So don’t feel too smug.

Question 5          You know you don’t understand current data protection requirements?

So the world keeps telling you GDPR is coming,  and are you ready? But if you don’t fully understand whether you’re a data controller or data processor. If you’ve never heard of legitimate reasons and quite frankly had no idea you should already be using privacy statements, then you’re probably having a bit of panic that GDPR enforcement starts 25th May.

So deep breath my next blogg GDPR made easy for counsellors part 2 on Wednesday is a recap on data protection.

For now step 1 in your GDPR journey.

·        Go and review what information (information not just specifically personal data) you hold. To be super clear that’s everything not just clinical notes.

·        Review and be clear how you collected it.  

·        Review and be clear how you store it.

See you Wednesday……..