The General Data Protection Regulation (GDPR) is EU-wide legislation that comes into effect on 25th May 2018 as the 2018 Data Protection Act. This new law has consequences for the way in which we use and store your personal information.
The data the ABMT holds about you includes your name, postal address, phone number, email address, practice website and address where relevant, the name of your insurance provider, and the name of your supervisor. We use this data to contact you for membership renewal, to disseminate information such as newsletters and notices about meetings, and when requested, for therapist practice listings on our website.
We store your data in files on an external device which is password protected, and we do not share your information with any third parties. The exception to this is if you are insured with Balens through the Association’s block scheme, in which case we may share your name and contact details with them.
We hold your data for eight years from the end of your membership, after which we will erase it from our records.
Guidance for Practitioners
As a professional association, ABMT takes the ethical practice of our members and the safety of their clients very seriously. This document is intended to provide a practical summary of how biodynamic massage therapists can adhere to best practice in data protection. More detailed guidance about how to adhere to the GDPR can be found on the Information Commissioner's Office website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr. At present, you do not need to be a member of ICO to join ABMT, CNHC, UKCP, or BACP. However, with increasing awareness of the importance of digital data security, more therapists are electing to register with ICO to show that they are aware of and practise a high standard of data protection.
Note Taking
We encourage our members to keep clear notes on biodynamic massage sessions, not only to help therapists remember what has been happening in the therapy, but also to safeguard you if a client were ever to bring a complaint against you. Remember that a client has the right to see their notes if they wish, and client notes can be subpoenaed by a court of law. Notes should be anonymised by use of a pseudonym or initials, and the key showing which client name corresponds to each pseudonym should be stored separately to your notes.
Therapists may find it useful to keep a second set of more detailed journal-style notes or personal reflections, as you are neither required to show these to clients nor to produce them in a legal hearing. These should be kept in a separate place to your client notes.
Please note that it is a condition of the Balens block scheme insurance that you a) make client notes, and b) keep them for 7 years after the final session with that client. Failure to do so could invalidate your insurance.
Transparency of Data
Part of the changes coming with the GDPR is about being as transparent as possible with clients about what personal data of theirs you hold, why, and for how long. Names, addresses, phone numbers and dates of birth all count as personal data. If you hold personal data about your clients, you need to let them know this in writing, explaining why you need to hold the data, and obtain written consent from them for doing so. You may decide to include this in your client contracts, or to give clients a separate data policy form to read and sign.
Data Storage
Client data should be kept in a secure (locked) cabinet or similar. If you make notes on a computer, these should not be stored on the device’s hard drive, but rather on an external drive or device kept in a locked space, or secured with a password or encryption key. Due to hacking and device theft, client data stored on computers is not deemed to be secure.
Communications
Emails are easy to intercept and therefore not a secure mode of communication. This is no problem for planning appointments or other administrative parts of practice. However, if a client writes an email to you containing sensitive information, this should be deleted and the client informed that these types of communications are best kept to phone calls or in person. If you have written contracts with clients, it may be helpful to have a short section in them outlining how best to use emails and other communications.