As a student of the London School of Sports Massage and a student member of the Institute of Sport and Remedial Massage, we are advising you on how we handle your data to comply with the General Data Protection Regulation (GDPR), and to make you aware that you too will need to comply with the legislation with regards to your own clients and what this will entail.
New Data Protection Legislation is coming in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
This legislation will affect every business that handles personal data for clients, customers or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’.
The data we collect on you
The personal data we collect will include information relating to your name, address, date of birth, and wider contact details. We will also collect data relating to your training with us which may include information about any relevant health, disability or learning issues.
We only share this data with the Institute of Sport and Remedial Massage. It is only used for the purpose for which it was collected, to enable us to administer training and provide professional membership services.
We will retain your data for 7 years following the end of your training OR following lapsed membership of ISRM. If you wish to renew your membership after your data has been deleted the onus will be on you to provide evidence of your eligibility to renew. Y
have the right
You have the Individual Rights under the Data Protection act 2018
You can exercise your Individual Rights at any time without charge. However, if your request is considered repetitive, unfounded or excessive a reasonable administration fee can be charged.
We will take all appropriate technical and arganisational steps to protect the confidentiality, integrity, availability and authenticity of your data.
The data you collect on your clients
If you have clients whose personal data you collect and store you will need to ensure you comply with GDPR. To do this you must make available to them a notice that informs them about:
You must also inform them of their Individual Rights under the Data Protection Act 2018
Record Keeping and the GDPR
Personal data should not be kept for longer than is necessary. In the case of a client’s treatment notes, where claims for damages may occur some time after an event, we recommend that records should be kept for 7 years after the last treatment. In the case of minors records should be kept for 7 years after they reach the age of 18.