You may or may not be aware that there are changes taking place on 25th May with new legislation called GDPR (General Data Protection Regulation). This is to change the old Data Protection Act, as we now collect and store so much information. This is important, as you may not realise what information people are storing about you.

It’s a good thing, as it has meant we have had to review our business and think about where and how we store your information and to make sure it is secure.

So, how will this affect you?

All new clients complete a consultation, but during this time I will also ask you to sign a privacy and consent notice, which tells you why I’m collecting your information and what I use it for.consultation

If you’re an existing client I will also be asking you to sign a privacy and consent notice, so you are aware about why I’ve collected the information I have, and what I do with it.

What does the form include?

The privacy and consent form explains why and how I am storing your information, the lawful basis for requesting the information and what I do with it. It also explains that your information is not passed to any third party. Having reviewed my processes, the only reason I identified where I will pass on any details is where you have asked another therapist to contact to book a therapy.

The form also explains clearly your rights: your right to be informed about what information will be held and used, your right to access your notes, the right to correcting your personal information, your right to be forgotten and your right to restrict the information processed and how it is used.

What changes have you made?

Recently I carried out a review of my business: I made sure my websites have the correct security details based on the information they hold, I checked that the systems I use to store information are compliant and that my laptop and phone all have security codes on any areas which contain client information. I also checked I have gathered information, such as emails, legitimately and have reminded people they are welcome to unsubscribe to my newsletter at any time. I added privacy notices to the clinic and online and have made sure I am transparent in explaining that the clinic therapists’ are all responsible for their own data, and we do not share notes.

I did identify an area which is a concern to me, as I use paper based files and have to transport them to and from the clinic. While they are in a lockable cabinet, they are very portable and I have been meaning to move the notes online. This has been on my to-do list for several years, but I have made a mountain out of the job and kept moving it to the bottom of my to-do list! I’ve actually seen the GDPR compliance as a good thing, as it has forced me to take action on something I’ve been ignoring. I’ve identified two possible client record systems which are both compliant and am currently road-testing them to see which one is more usable for my needs.

Personally, I feel the GDPR changes are a good thing, and while people are wondering why they are needing to sign another piece of paper, I think it’s good to highlight what you should already know – that we are trustworthy and professional businesses.


Louise Morgan Holistic TherapistLouise is an holistic therapist who owns the Therapy Centre, BS14 9HB, a clinic offering a range of holistic and beauty therapies. Louise offers reflexology, aromatherapy, aromatology, holistic massage, Indian head massage, reiki, baby massage and story massage. She is a mum of two boys and when she is not working she enjoys getting outdoors with her family. For further information visit or contact her clinic on 01275 217160