As a client of Therapist Insurance, we are writing to you today, firstly to advise how we as a company will be handling your data to comply with the new General Data Protection Regulation (GDPR), and secondly to a make you aware that you too will need to comply with the legislation with regards to your own clients and to note some of the requirements that this will entail. As you may be aware there is new Data Protection Legislation which came in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act. This legislation will affect every business that handles personal data for clients or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’, this will include such data as name and contact details, but may also information such as IP Addresses. Fair Processing Notice for I4G LLP t/a Therapist Insurance. The personal data we collect about you will include data relating to your name, address, date of birth, wider contact details and data relating to ‘health’ and ‘criminal offences’ if applicable. We will process your personal data to allow us to provide you with our services as your insurance intermediary in quoting for, arranging and administering your insurances, for statistical analysis and to assess your suitability to our services. We will only use your data for the purpose for which it was collected. We will only grant access to or share your data with the Balens Group and our market service providers such as insurers and premium finance providers and where we are required or entitled to do so by law under lawful data processing. A full copy of our Privacy Notice may be found on our website at https://www.therapistinsurance.co.uk/content/privacy-policy. Should you wish to receive a hard copy of our Privacy Notice, please e-mail us at [email protected] , telephone 01926 686600 or write to Therapist Insurance, Highdown House, 11 Highdown Road, Leamington Spa CV31 1XT.
Are you ready for GDPR? As a client of Therapist Insurance, it is likely that you will have clients of your own, whose personal data you will be processing and storing, and will therefore need to ensure your own compliance with GDPR. The Act brings in new rights for the data subjects (i.e. clients and/or staff), and it is important that you ensure you have systems and processes in place to respond if required. One of the first rights is the right to be informed. You will need to ensure that you have a Privacy Notice that informs those whose data you take, what you will be doing with their data, including who you will be sharing it with and when you will be destroying it. Record Keeping and the GDPR We have received a number of requests from clients regarding record keeping in light of GDPR, and how long they should keep their client consultation notes / record cards for given the regulation notes that personal data should be kept for no longer than is necessary. If you currently have a Therapist Insurance Health Professionals Policy with us, underwritten by Zurich Insurance plc, it is a condition of your Insurance Policy to take and retain client records. The policy wording notes: The records shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18). Record Keeping - Condition 14 c, on page 35 The Statute of Limitation in the UK (i.e. time when an individual is able to bring a claim) is 6 years for certain injury claim situations, or 6 years after the individual reaches the age of majority in the case of minors. However, these 6 years start from the date that the injury was discovered, not from the time that the alleged incident that caused it occurred. There are also instances, for example if treating a vulnerable client, where the statute may be overturned. Your records are your best line of defence in any claim situation hence the need to keep these for at least 7 years. It will be for you to determine, in view of your own client base, whether you choose to keep the records for longer than the 7 years noted in the policy wording, and then note this in your Privacy Notice for your clients. There are provisions under the GDPR with regards to keeping records to defend yourself in a claim situation (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ - When can I refuse to comply with the right of erasure), which clearly give you the right to hold your client records to comply with your insurance Terms and Conditions, should your client make a request for them to be deleted under their Right of Erasure. Further Help Whilst we at Therapist Insurance are unable to advise our clients with regards to GDPR, it is our aim to support. The above information regarding your responsibilities under GDPR is not exhaustive. The Information Commissioners Office (ICO) has a wealth of very useful information on the steps that are required, including a free helpline for small businesses. Please visit - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ |