How does my therapist make sure that my data is protected? – Mindler UK

Psychologists and Cognitive Behavioral Therapists in the United Kingdom are required by law to complete training andto follow the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. These regulations outline the steps and procedures for how personal data including mental health data, should be collected, processed and protected.

At the beginning of their work every Mindler employee is required to attend GDPR training, even if they have already attended previous training.

The GDPR training typically incorporates:

Understanding the principles of data protection such as data minimization, that the therapist should limit the collection of information to what is necessary and directly relevant to the therapeutic process, accuracy, that the information the therapist records is as close to the truth and correct as possible and confidentiality, that the data collected is bound by the conditions of confidentiality outlined to the client at the beginning of the therapeutic relationship.

Learning about the lawful processing of data, that the therapist should have a lawful basis for processing personal data, whilst being transparent with the clients of what data is collected, who it may be shared with and for what reasons, with consent from the client and in the interest of therapy.

Therapists must also learn about data security measures so that personal data is protected from unauthorized access, loss or theft.

At Mindler UK data is kept on a secure platform that requires two factor authentication and can only be accessed by those involved in the care of our clients. Encryptions and secure emails are used when sensitive data is required to be shared between professionals.

GDPR requires that data breaches are reported within 72 hours of becoming aware of them and Mindler has policies and procedures in place for detecting, reporting and responding to data breaches.

Finally GDPR training suggests that data should be retained for as long as necessary and securely disposed of when the said time ends.

It is a key priority for the therapists to keep their client’s data safe. Not adhering to these laws could have legal consequences for our organization and our therapists, it can impact the therapeutic relationship and deter a client from engaging in therapy now or in the future and can have serious professional implications for the therapist.