As a therapist working in private practice, you hold important identifying information about your clients. But do you understand what you are meant to do to protect that data? What to do with records once you finish with a client. What about if a client wants to know what data you hold about them? Or even if it is securely stored? Were you even aware that you should be registered with the Information Commissioner’s Office (ICO)?
From 25 May 2018, your business MUST comply with the General Data Protection Regulations (GDPR) – tough new laws on data - that give consumers more rights over what you can do with information you hold about them and sets strict rules about how you manage and store their data. You are responsible for this data, so it makes sense that you know what you should be doing with it and have measures in place ahead of this date to ensure that you are fully compliant with the law, doesn’t it?
We are running a 3-hour webinar on Friday March 9th 2018, presented by Ian Batty, GDPR Consultant. The workshop costs £57.00 per person, and your fee covers the workshop, all takeaways from the workshop, including documents to help guide your preparation for GDPR and a post-webinar answer sheet, where Ian will respond in writing to questions posted across the course of the webinar (to be emailed to you separately), as well as access to the recording of the workshop for viewing again later at your convenience.
Places are limited, so do book your seat as soon as possible to avoid disappointment. This is an investment in your business’ legal compliance and your clients’ security; you know it makes sense.
What people have said about Ian's workshop:
"Accessible delivery of a complex subject" - Dr Helen Pickering, Clinical Psychologist.
"Alarmingly useful" Ruth Hare, Counselling Psychologist.
"Provided a clear understanding of GDPR & the importance of compliance". Dr Amrat Singh, Clinical Neuropsychologist.
"Excellent presentation of a complex area; Ian made the content accessible and entertaining". Dr Karen Addy, Clinical Neuropsychologist.
Workshop Agenda (timings approximate)
09:30 Welcome and introductions
09.45 Introduction to GDPR
- What is GDPR?
- How does it affect you?
- Who are data controllers and processors?
- Why is it important to comply?
- Benefits of implementing GDPR
- What happens if you don’t comply?
- Understanding personal data
- What is personal information/sensitive information?
- Individuals rights under GDPR
- Legal reasons for keeping data, keeping it up to date and accurate
- Identify your data categories
10:30 Coffee break (sorry, you'll have to provide your own!)
10:45 Legal Reasons for Collecting Data
- Legal reasons for collecting data
- Requirements for consent
- Identify your business purposes
- Storage of data
- Identifying your information assets
- Storage (paper and electronic)
11.15 What’s next?
- Creating a data retention schedule
- Retention and disposal
- Subject access requests
- Data subject notifications
- What you need to tell your clients and employees
- Correcting and deleting data
- Keeping your clients’ data secure
- Data breach procedure
- ICO registration
- Data Protection Officer role – who needs them?
12.15 GDPR Question Time
- Written briefing: Tailored information for attendees
- Specific reasons for collecting and retaining data for those connected with health education
- Expectations of professional bodies
- Data and children
- Data and education
- Data and health
- Interplay between contract law and GDPR (SLAs and other contracts e.g. with parents)
Ian Batty has advised organisations on data for more than 25 years. He has provided senior data architecture counsel for a range of household names, from Shell, to Waitrose, TV Licensing and Co-op Insurance as well as schools, sole practitioners and smaller organisations. He is currently establishing the data architecture function at Severn Trent Water. He brings an in-depth understanding of data and information architecture to his GDPR consultancy, offering a pragmatic approach, balancing long-term aims and legal compliance with short-term requirements and practical delivery of usable solutions. GDPR SME provides specialist consultancy and training for small and medium-sized organisations and independent sole practitioners, such as clinical and educational psychologists.
Ian is formally GDPR Certified (January 2017), and has an M.Sc. in Software Systems Technology from the University of Sheffield, and a B.Sc. in Geophysical Sciences from the University of Southampton.