The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), implemented in May 2018, is set up to ensure people have protection and control of their data. Set out below is how First Step will deal with your personal data.
Our assessment process allows us to collect some personal data, ie contact details, emergency contact details, GP, medication, your immediate support network, any offences committed in addition to other support you may be receiving.
This information will only be shared by the assessor with staff, your therapist (before starting therapy) and with the clinical supervisor who oversees the ethical practice of your counsellor or support worker. Your personal data is stored both electronically and on paper.
How long will your data be stored for, where will it be kept and who will receive it;
Your personal data will be kept for 7 years from the end of our work together. Your details and notes will be stored separately in a secure location and will not be shared with anyone other than when required under UK Law and where we are legally bound to release access to your personal information. After that period your personal data will be confidentially destroyed.
Who has access to your Personal Information?
First Step does not share your personal data with any other party unless there is a need for safeguarding, referral or involvement of emergency services, and you are able to access it at any time (free of charge) up to the date of destruction. 2 weeks’ notice in writing is required for this to be actioned within the compliance time of 1 month.
If requested by you in writing, we will provide your information to a third party.
You are entitled to have your data erased if you so wish and this should be communicated in writing to the Manager or Chair of Trustees.
There is a minimum amount of data that needs to be collected to work safely and ethically with you. You can decline this data collection but it would compromise any service First Step would be able to offer you.
As a member of the ICO First Step adheres to their guidelines and will report any data breaches. You will be informed should this happen. The ICO will be informed by the Chair of Trustees or the Vice Chair in their absence.
How to register your concern
If you have any concerns about how we have handled your data, you can complain to the Information Commissioners office https://ico.org.uk/concerns/or telephone 0303 123 1113.