GDPR guidance for therapists
Plain-English articles on data protection, compliance legislation, and what it all means for therapists in private practice.
The DUAA mistake therapists are making right now
With a few weeks until DUAA 2025 takes effect, therapists are scrambling to update their policies. Three patterns are coming up over and over — and most of them are easy to fix. Here is what to look for in your own setup.
The data breach you didn't know was a data breach
Sending an email to the wrong address. Forgetting to BCC a group. Leaving a laptop in a cab. Many therapists assume only hacks count as a breach. The ICO disagrees — and the 72-hour clock starts the moment you find out.
Counsellors who use Zoom: what your client doesn't realise about online sessions
When a session moves to Zoom, your data protection responsibilities don't disappear — they multiply. Recording, transcripts, AI features, and what your platform does with the audio. Here is what therapists need to check.
What to do if a client asks to see their records
Subject access requests are one of the most common data protection issues therapists face. The DUAA 2025 has changed the rules. Here is a practical guide.
The £2-a-month question: what does GDPR compliance actually cost a therapist?
There are several ways to get compliant. They vary enormously in cost, time, and how long the compliance lasts. Here is an honest breakdown.
Reflexologists and GDPR: why the AoR approach is different
Reflexologists who are members of the Association of Reflexologists have different data protection obligations to counsellors and psychotherapists. Here is what you need to know.
What your BACP membership actually requires from you on data protection
BACP's Ethical Framework sets clear expectations about how members handle client data. Here is a plain-English guide to what those expectations are — and how to meet them.
Your clients are quietly judging your privacy policy
Before a new client books with you, many of them look for your privacy policy. What they find — or don't find — shapes their decision. Here is what therapists need to know.
How UK therapists really handle GDPR compliance
There are roughly five ways therapists in private practice deal with data protection. Some work. Some don't. Here is an honest look at each.
UK therapists have 10 weeks to comply with new data law
The Data (Use and Access) Act 2025 comes into force on 19 June 2026. It introduces a mandatory complaints procedure for therapists who hold client data. Here is what you need to do.
The document your therapy practice almost certainly doesn't have
Most UK therapists have a privacy policy. Far fewer have the document the Data Protection Act 2018 actually requires them to have. Here's what it is — and why it matters.