The requirements of the Data Protection Act 2018 which includes the General Data Protection Regulation (GDPR) are met by this practice in the following ways. All data collected is:

• processed lawfully, fairly and transparently
• only collected and used for particular lawful purposes
• adequate, relevant and not used excessively for that purpose
• accurate and up to date
• stored no longer than necessary
• kept secure, and its integrity and confidentiality are protected

 Specifically

• I only collect data which is necessary for the purposes of effective treatment and to enable me to contact you regarding appointments
• Your information is given freely at the appointment (with your consent) and recorded on paper
• Your paper records are stored in a locked filing cabinet, to which I am the only person with access, in an office which is locked at all times when I am not there
• I do not share your information with any third party or for marketing purposes
• I have a legal obligation to store your files for seven years after which they are destroyed by shredding
• You have a right to request to see your notes and to correct any inaccurate information
• You have a right to refuse to provide information should you so wish but that may affect the efficacy of the treatment you receive
• You have right to complain to me if you have any issues about how your data is handled
• If necessary, you can take the concern to the Information Commissioner's Office (ICO). See ICO.org.uk