General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) comes into affect on 25th May 2018. It replaces the current Data Protection Act in the UK and is the biggest overhaul of data protection legislation for 25 years.
Under this Draconian law, which seems to be one size fits all, you have certain rights that I am required to inform you of. Here is a link if you want to go to the ICO (Information Commissioner's Office) in order to learn more: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
Before getting into it further, let me tell you my own attitude and beliefs to your rights to your personal information:
First, everything that you tell me is confidential and privileged. Confidential means that I will not divulge any information identifiable as being about you without your written consent describing what is to be disclosed, to whom, and for what purpose. The exception to this is when or if some harm might be done to others if I don't take steps to prevent it. If, for example, I learn that you have committed a crime in the past, then I am not only not required to inform anyone, I am duty bound to keep that information confidential. If, on the other hand, I learn that you intend to harm yourself or someone else, then I have a higher duty to prevent that harm that may require disclosure of confidential information. Fortunately, such events are rare.
Privilege is very similar, but what that means is that, like lawyer/client privilege, I can't be required to divulge information about you by a court of law or other governmental authority. The exception to this is when the rights and well-being of others who are vulnerable are concerned. These would include children and vulnerable adults. In such cases, courts may sometimes rule that privilege must yield where the protection of the vulnerable from future injury is involved.
One thing therapists rarely mention to their clients, though I think it is best that you know, is that we may sometimes discuss our cases with supervisors, therapist discussion groups, and trusted other professionals. Because all of these people are also therapists and bound by the same rules, the information goes no further. In such discussions we still endeavour to maintain complete confidentiality by not disclosing personal details or other identifying information about the case.
Other than that, your information is kept under lock and key, if in physical form, or in password protected files if stored electronically. In addition, I keep my data separated as to type, so that identifying information, such as email address and phone number, are kept separately from any case file data.
You have the right to see your file at any time, and to learn what use I make of the information in it. Basically, my only use is to know about you, and so the information will not be shared with anyone else. I have always believed that clients (or patients, in some settings) have the right to see not only the information collected, but also the therapists' notes. I have never understand why anyone in a helping profession would think otherwise. Well, actually, I do. Some people believe that they are superior, and that 'patients' are inferior, and so the professional believes they have the need to withhold information from the client. I think that is bunk, but it is one of several reasons why burdensome regulations such as this one is needed.
There is also something called a 'right to be forgotten.' I'm not quite sure how this is meant to work, since, given the nature of our business, therapists need to keep notes, not only for the benefit of the client, but also for the benefit of the therapist. Session notes provide at least some evidence of what transpired in the session. Evidently there is a right for you to have all information regarding yourself deleted, removed, or otherwise got rid of if you request it. Like I say, in the unlikely event that you should want the therapist to do so, then that will create the dilemma of the therapist having no records on which to rely in the event that a complaint is made or legal action taken, so, we shall see.
If you have any questions about any of this, please be sure to discuss them with me, and if I don't know the answer, I will endeavour to get it.
In addition to this
In general these rights are:
Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights related to automated decision making including profiling
If you have questions related to any of these areas, the link given at the top of this page will take you to the website explaining it.
Please let me know if you have any questions or concerns about any of this.