Looking after the personal data has always been is extremely important. There are now updated guidelines on data protection set out in General Data Protection GDPR (May 2018).
I am a registered Data Controller for the purposes the General Data Protection Regulation (2018) registered with the ICO Information Commissioner’s Office (ref no: A8240304).
Should you choose to work with me as a client and start sessions, I would ask you to provide your personal details, and your written consent for me to store your data.
Identifiable data (postal address, email addresses, phone numbers , date of birth and name) will be destroyed one month after completion of our sessions.
I keep brief annonymised client notes (non-identifiable data) which are destroyed 5 years after sessions have ended.
All notes and person data are kept securely in locked filing cabinets.
The only circumstances in which data might need to be shared with other agencies would be in the case of immediate risk of substantial harm to self or others; or under a legal requirement, e.g. terrorism, drug money laundering; or via court order for disclosure.
Wherever possible, I would discuss this with you beforehand.