GDPR made easy for counsellors: Part 2a

GDPR made easy for counsellors: Part 2a

Data protection definition Recap

 Todays bottom Line: Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act (DPA)

 So hands up who knows if they are a data controller or processor?

Date protection definitions

·        Data controller:  The person who collects /stores the data, decides on sharing and decides processing.

·        Data Processor:  They will conduct a process on the data and share it back to the controller. Maybe a check or                  sending mail or emails.  So the action/process is not for themselves 

·        Data subject:        The person the data is about. (The client)

https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/

What is personal data?

Personal Data- means data which relates to a living individual who can be identified from it.

Be aware it also includes data held that may be anonymous but is linked via code/numbers etc to identifiable data you hold. Sound familiar? – Anonymous counselling clinical notes.

The legal jargon bit – shall not be processed/shared unless:  At least one of the conditions in schedule 2 is met

Examples for counsellors – of legitimate reasons

Necessary to protect the person’s vital interests. HARM TO SELF

Necessary to fulfil a legal duty. COURT ORDER

 What is personal sensitive data?

Sensitive personal data (GDPR will call it special category) means personal data consisting of

• Racial or ethnic origin
• Political opinions
• Religious beliefs or other beliefs of a similar nature
• Member of a trade union
• Physical or mental health or condition
• Sexual life
• Commission/alleged commission of any offence(full definition too long for the blog)

GDPR is adding biometric, genetic data

The legal jargon bit – shall not be processed/shared unless:  At least one of the conditions in schedule 2 AND schedule 3 is met

Examples for counsellors – of legitimate reasons

Necessary to protect someone’s vital interests but crucially the addition of

·        The person cannot consent

·        unreasonably withholding consent,

·        consent cannot reasonably be obtained

https://ico.org.uk/for-organisations/guide-to-data-protection/conditions-for-processing/

Counselling data protection considerations

Consider if you share for immediate harm to self would you really need to ever share sensitive personal data?

Consider: Will the not sharing of data cause more harm than sharing it?

Next steps- If I’ve not fried your brain check out todays other blogg, Blogg 2b the 8 principles of data protection. www.counsellinginnotts.co.uk