The requirements of the Data Protection Act 2018 which includes the General Data Protection Regulation (GDPR) are met by this practice in the following ways. All data collected is:
- processed lawfully, fairly and transparently
- only collected and used for particular lawful purposes
- adequate, relevant and not used excessively for that purpose
- accurate and up to date
- stored no longer than necessary
- kept secure, and its integrity and confidentiality are protected
Specifically
- I only collect data which is necessary for the purposes of effective treatment and to enable me to contact you regarding appointments
- Your information is given freely at the appointment (with your consent) and recorded on paper
- Your paper records are stored in a locked filing cabinet, to which I am the only person with access, in an office which is locked at all times when I am not there
- I do not share your information with any third party or for marketing purposes
- I have a legal obligation to store your files for seven years after which they are destroyed by shredding
- You have a right to request to see your notes and to correct any inaccurate information
- You have a right to refuse to provide information should you so wish but that may affect the efficacy of the treatment you receive
- You have right to complain to me if you have any issues about how your data is handled
- If necessary, you can take the concern to the Information Commissioner's Office (ICO). See ICO.org.uk