The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect, store, and share.

This page details my GDPR policy.

Personal Information I will Collect.

  • Gender (or preferred identity).
  • Date of Birth.
  • Relationships & Progeny.
  • Telephone/SMS number (plus permission to send SMS & leave voice message).
  • Email address.
  • Therapy and Psychological Services History.
  • Medical conditions relevant to counselling.
  • Prescribed medication.
  • Session summary.

How I will store your Personal Information.

Storage Methods.

  • Paper: written notes (described below).
  • Smartphone: I will store your contact information in a plain-text note app that backs up to my private Google Drive. This allows me to contact you in case of emergencies, but avoids revealing this information to other applications (i.e. by not using a Contacts app).
  • Email/SMS/WhatsApp: your email address and correspondence will be stored in my email account (currently Gmail) by nature of you contacting me. Your telephone number may be stored in my SMS or WhatsApp app should we exchange messages this way. Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp).
  • Website: none of your personal information is stored on my website, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact.

Documents Held.

Paper:

  • Contact Sheet
  • Contract/Agreement
  • Assessment Record
  • Brief Session Notes
  • GDPR Agreement
  • Client Code (linking documents)

Electronic:

  • Contact name & telephone
  • Email/SMS/WhatsApp.

How I may Process/Share your Personal Information.

Consultation

I seek a monthly consultation with a qualified clinical supervisor in this process. The consultation process is for my practice (rather than seeking instruction on working with you). In order to protect your privacy, my supervisors will not know you personally or professionally. I will refer to you by your first name, and I may refer to your information verbally when it’s helpful to my professional processes.

Therapeutic Will

Your name and contact details will be shared with my Therapeutic Executor. This is so that you will be contacted in the event of my death, should you still be in therapy with me.

Emergencies

If your health is in jeopardy (provided I have your consent), I may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team). If I have become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge (known as: whistle-blowing).

 

Erasing your Information

When we have finished working together, I will erase electronic copies of your information & correspondence within one month. I will hold onto your written information for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future. After this time has passed, I will shred the written information.

 

Your Rights

You have the following rights:

  • To be informed what information I hold (i.e. this document).
  • To see the information I hold about you (free of charge for the initial request).
  • To rectify any inaccurate or incomplete personal information.
  • To withdraw consent to me using your personal information.
  • To request your personal information be erased (though I can decline whilst the information is needed for me to practise lawfully & competently).

1. Data Breach Response

  • Breach Detection and Reporting: All staff are trained to recognize and promptly report any potential data breaches. We have procedures to escalate security incidents to our designated Data Protection Officer (DPO) or data protection lead.
  • Risk Assessment: Upon identifying a breach, DBT London will quickly assess the likely impact on individuals’ rights and freedoms.
  • Notification to ICO: If the breach is likely to result in a risk to individuals’ rights, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. The notification will include:
    • Description of the nature of the breach.
    • Categories and approximate number of affected individuals.
    • Contact details of our DPO or data protection lead.
    • Possible consequences and mitigation actions taken.
  • Notification to Individuals: If there is a high risk to individuals, DBT London will promptly inform those affected, providing advice on steps they can take to protect themselves.

2. Data Protection Principles

DBT London adheres to the following data protection principles under GDPR:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
  • Data Minimisation: We collect only the data necessary for specified, legitimate purposes.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up-to-date.
  • Storage Limitation: Personal data is retained only as long as necessary for the purpose it was collected.
  • Integrity and Confidentiality: We apply appropriate security measures to protect personal data from unauthorised access, alteration, or loss.

3. Data Subject Rights

Individuals have rights under GDPR, including the right to access, correct, and delete personal data held by DBT London. Requests to exercise these rights can be made by contacting our data protection lead, and we will respond in compliance with GDPR timelines.

4. Record-Keeping

DBT London maintains detailed records of processing activities, including any data breaches. All decisions regarding breach notification are documented to demonstrate accountability under GDPR.

5. Processor Responsibilities

Third-party data processors used by DBT London are contractually required to notify us of any data breaches affecting DBT London’s data without undue delay and to comply with all GDPR obligations.

6. Staff Training and Awareness

DBT London provides regular GDPR training to all employees to ensure awareness of data protection obligations and to prevent breaches caused by human error.

Contact Information

For questions or to report a data breach, please contact:

  • Data Protection Officer (DPO): Jason Ward
  • Email: jason@dbtlondon.com
  • Phone: 0800 061 4225

Policy Review

This policy is reviewed annually or as needed to ensure compliance with GDPR updates and best practices.