General Data Protection Regulation (GDPR)
There is new data protection legislation coming into force in the UK on 25th May 2018. This legislation is the General Data Protection Regulation (GDPR), which replaces the old Data Protection Act. The legislation affects every business that handles personal data for clients. Personal data has been defined by the act as “any information relating to an identifiable person who can be directly or indirectly identified”. This will include such data as name, address, gender and contact details, but may also include information such as IP addresses.
The GDPR includes the following rights for individuals:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object;
- the right not to be subject to automated decision-making, including profiling.
Fair Processing Notice for Physicality
The personal data we collect about you will include data relating to your name, address, gender, date of birth and wider contact details. We also collect data about your health, medical conditions and any medications. We will use your personal data for the sole purpose of providing the physical therapies of sports/soft tissue massage and/or personal training. We will only use the data for the purpose for which it was collected. We will only share or grant access to your data with a specific third party if you request us to do so.
Your data will also be used to notify you of meetings held at or by Physicality which we feel may be of interest or benefit to you, or of any special events or promotions for the therapy you participate in. You may opt out of receiving such communications at any time by emailing us at email@example.com.
Record Keeping and the GDPR
Personal data should be kept for no longer than is necessary. It is a condition of both our insurance policies and our membership of a professional body for the exercise profession, the Register of Exercise Professionals (REPS), that we take and retain client records.
The requirements are that these records should be kept for at least 7 years following the last occasion on which treatment was given. In the case of minors, it is advisable that the records should be kept for at least 7 years after they reach the age of 18 years. We will keep client records for as long as we deem necessary rather than 7 years to cover both this professional requirement and the Statute of Limitation for injury claims in the UK.