I am pleased to inform clients that I have been accepted as a registered data controller/ data protection officer by the UK Information Commissioner’s Office. This is a governmental body that enforces data protection law and public privacy rights. This registration is designed to give members of the public assurance that personal data is collected, handled and secured properly and in line with the law (Data protection Act 2018 and the GDPR). RFCBT will appear on the ICO list of registered organisations within the next week with Robert Fulton as the data controller and protection officer. This means that I accept responsibility for securing data in line with the law. Clients have the right to ask me to place appropriate controls on their data and can contact ICO to enforce this if they feel I have fallen short (of course, I will do everything possible to secure your data before enforcement).
RFCBT maintains a minimal data collection policy where clients names and other identifying data (like names or addresses) is only put on essential documents such as the contract, receipts and paperwork being sent to you. Internal paperwork and paperwork/ recordings sent for supervisory oversight are anonymised. I would also remind clients that you can request your session notes and recordings to be destroyed after your final session if you are over 18 (under 18s can contact me after your 18th birthday). This would leave only your contract and payment details for tax purposes. All stored data is either locked away or encrypted on a password protected device.
This is a formal acknowledgement of the data protection compliance RFCBT has always used as a principle and the registration can assure clients of the highest standards in data protection.