GDPR guidance for therapists
Plain-English articles on data protection, compliance legislation, and what it all means for therapists in private practice.
What to do if a client asks to see their records
Subject access requests are one of the most common data protection issues therapists face. The DUAA 2025 has changed the rules. Here is a practical guide.
The £2-a-month question: what does GDPR compliance actually cost a therapist?
There are several ways to get compliant. They vary enormously in cost, time, and how long the compliance lasts. Here is an honest breakdown.
Reflexologists and GDPR: why the AoR approach is different
Reflexologists who are members of the Association of Reflexologists have different data protection obligations to counsellors and psychotherapists. Here is what you need to know.
What your BACP membership actually requires from you on data protection
BACP's Ethical Framework sets clear expectations about how members handle client data. Here is a plain-English guide to what those expectations are — and how to meet them.
Your clients are quietly judging your privacy policy
Before a new client books with you, many of them look for your privacy policy. What they find — or don't find — shapes their decision. Here is what therapists need to know.
How UK therapists really handle GDPR compliance
There are roughly five ways therapists in private practice deal with data protection. Some work. Some don't. Here is an honest look at each.
UK therapists have 10 weeks to comply with new data law
The Data (Use and Access) Act 2025 comes into force on 19 June 2026. It introduces a mandatory complaints procedure for therapists who hold client data. Here is what you need to do.
The document your therapy practice almost certainly doesn't have
Most UK therapists have a privacy policy. Far fewer have the document the Data Protection Act 2018 actually requires them to have. Here's what it is — and why it matters.