GDPR made easy for counsellors: Part 2a
Data protection definition Recap
Todays bottom Line: Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act (DPA)
So hands up who knows if they are a data controller or processor?
Date protection definitions
· Data controller: The person who collects /stores the data, decides on sharing and decides processing.
· Data Processor: They will conduct a process on the data and share it back to the controller. Maybe a check or sending mail or emails. So the action/process is not for themselves
· Data subject: The person the data is about. (The client)
https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/
What is personal data?
Personal Data- means data which relates to a living individual who can be identified from it.
Be aware it also includes data held that may be anonymous but is linked via code/numbers etc to identifiable data you hold. Sound familiar? – Anonymous counselling clinical notes.
The legal jargon bit – shall not be processed/shared unless: At least one of the conditions in schedule 2 is met
Examples for counsellors – of legitimate reasons
Necessary to protect the person’s vital interests. HARM TO SELF
Necessary to fulfil a legal duty. COURT ORDER
What is personal sensitive data?
Sensitive personal data (GDPR will call it special category) means personal data consisting of
GDPR is adding biometric, genetic data
The legal jargon bit – shall not be processed/shared unless: At least one of the conditions in schedule 2 AND schedule 3 is met
Examples for counsellors – of legitimate reasons
Necessary to protect someone’s vital interests but crucially the addition of
· The person cannot consent
· unreasonably withholding consent,
· consent cannot reasonably be obtained
https://ico.org.uk/for-organisations/guide-to-data-protection/conditions-for-processing/
Counselling data protection considerations
Consider if you share for immediate harm to self would you really need to ever share sensitive personal data?
Consider: Will the not sharing of data cause more harm than sharing it?
Next steps- If I’ve not fried your brain check out todays other blogg, Blogg 2b the 8 principles of data protection. www.counsellinginnotts.co.uk