This document sets out how Dr Lana Jackson Psychology comply with the General Data Protection Regulation (GDPR) laws.
Why do I need to collect information about you?
I am required by the Health and Care Professions Council (HCPC) and British Psychological Society (BPS) to keep documentation of your personal data. The personal and sensitive data I collect is necessary for me to provide good quality assessment and treatment services to you.
What personal and sensitive data I process:
Personal data: basic contact information: name, address, email, contact number, and GP contact details.
Sensitive personal data: Signed Terms & Conditions, therapy records (therapist notes, letters, reports and/or outcome measures).
If you are referred by your health insurance provider, or case management service, then I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
How do I use information that is collected?
I will only use your personal information to provide the services you have requested from me.
How long do I store personal information?
Information will be held for as long as you are engaged in services from us and for seven years following the date of our last treatment contact with you. When working with children and young people under the age of 18, I will hold information for seven years after the age of 18. These timeframes are governed by legal requirements.
You have the right to ask for the information I hold on you to be erased prior to this time. However, in this event, I have to determine if I need to keep the data. Reasons for this could include legal issues or if the request falls within the timeframe that there is a professional regulatory reason to hold data. Case notes and records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017). In this instance, I may not be able to erase your data before that time has passed, or until legal issues are finalised.
If you would like me to erase your personal data, please do contact me: Lana@drlanajackson.co.uk
How your personal information is used
I use the information I collect to:
Provide my services to you.
Process payment for such services.
Is my data confidential?
All the information you share with me is strictly confidential. However, the following exceptions apply:
If you are referred from a case management organisation, an insurance company, or if your sessions are funded by an organisation such as a local authority, they may require information about the assessment, treatment plan and outcome of treatment to be shared.
If significant risk towards yourself or others is identified, confidential information may be shared with the NHS or other statutory services. I will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
What I will NOT do with your personal information
I will not share your personal information with third parties for marketing purposes.
How we ensure the security of personal information
Data which is stored on paper will be kept in a secure, locked filing cabinet when not required. Data stored on paper will be shredded and disposed of securely when it is no longer required and/or has reached the end of the data retention period.
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypt email traffic so that it cannot be read at any point between our computing devices and our mail server. I will never use open or unsecured Wi-Fi networks to send any personal data.
Personal information is stored on a password-protected laptop computer and external hard drive. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner. Electronic data will be backed up regularly and these backups will be tested regularly. Where data is uploaded to cloud systems, these will be compliant with GDPR.
Your right to access the personal information we hold about you
You have a right to access the information I hold about you. If you would like to access the information I hold, you can make a Subject Access Request.
I will usually share this with you within 30 days of receiving a request.
There may be an admin fee for supplying the information to you.
I may request further evidence from you to check your identity.
A copy of your personal information will usually be sent to you in hard copy.
You have a right to get your personal information corrected if it is inaccurate.
You can complain to a regulator. If you think that I haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
How can I have my information removed? How is my information protected?
To protect your data, I follow the guidelines and recommendations in line with professional and regulatory bodies including the British Psychological Society, the Health and Care Professions Council and the Information Commissioner’s Office. I comply with the requirements detailed in the Data Protection Act (1998) and the General Data Protection Regulation (2018).
Data breach procedure
I have a range of procedures in place to protect your data. In the unlikely event of my security processes being compromised leading to a significant breach of your information, I will aim to inform you, as well as the Information Commissioner’s Office (ICO), as soon as possible after the breach has been identified.
If you have any concerns or questions about this policy, please get in contact with me (Lana@drlanajackson.co.uk). If I am unable to resolve your concerns, you can contact the Information Commissioner’s Office: https://ico.org.uk/for-the-public/raising-concerns/
Dr Lana Jackson
Chartered Senior Clinical Psychologist
07 February 2023
 The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
 Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.