If you are a therapist and hold personal Data, you have to know about changes to the DPA
The Data Protection Act is changing to the General Data Protection Regulation GDPR in May, 2018 and if you are a therapist you will have to know about these changes if you keep personal data.
Many of the GDPR’s main concepts and principles are much the same as
those in the current Data Protection Act (DPA), so if you are complying
properly with the current law then most of your approach to compliance
will remain valid under the GDPR and can be the starting point to build
from. However, there are new elements and significant enhancements, so
you will have to do some things for the first time and some things
It is important to use this checklist and other Information Commissioner’s
Office (ICO) resources to work out the main differences between the
current law and the GDPR. The ICO is producing new guidance and other
tools to assist you, as well as contributing to guidance that the Article 29
Working Party is producing at the European level. These are all available
via the ICO’s Overview of the General Data Protection Regulation. The
ICO is also working closely with trade associations and bodies
representing the various sectors – you should also work closely with these
bodies to share knowledge about implementation in your sector.
It is essential to plan your approach to GDPR compliance now and to gain
‘buy in’ from key people in your organisation. You may need, for example,
to put new procedures in place to deal with the GDPR’s new transparency
and individuals’ rights provisions. In a large or complex business this
could have significant budgetary, IT, personnel, governance and
The GDPR places greater emphasis on the documentation that data
controllers must keep to demonstrate their accountability. Compliance
with all the areas listed in this document will require organisations to
review their approach to governance and how they manage data
protection as a corporate issue. One aspect of this might be to review the
contracts and other arrangements you have in place when sharing data
with other organisations.
Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now
Some parts of the GDPR will have more of an impact on some
organisations than on others (for example, the provisions relating to
profiling or children’s data), so it would be useful to map out which parts
of the GDPR will have the greatest impact on your business model and
give those areas due prominence in your planning process.
Join Our Newsletter
Join our mailing list to receive the latest news and updates from our team.