Compliance with the General Data Protection Regulations (GDPR)

Compliance with the General Data Protection Regulations (GDPR)

Collation, retention & deletion of information
Legal Requirement

Under the GDPR Work Stress Solutions (WSS) must:

• use personal information fairly and lawfully;
• collect only the information necessary for a specific purpose(s);
• ensure it is relevant:
• only hold as much information as it needs, and only for as long as it needs it;
• allow the subject of the information to see it on request, in accordance with the rights of the individual under DGPR; and
• keep the information secure.


Information should be relevant, held and stored in accordance with the GDPR. No full client’s names will be used on answer-phone messages or email unless the individual has personally supplied those details.

What personal information is held?

A minimal amount of detail will be held by WSS in the form of basic information: In respect of staff this will be information provided during the application and appointment process. In respect of beneficiaries, the information held is set out in the WSS Registration Form which includes contact details, Course Assessment and Outcome forms, the Work Social Adjustment Scale, Confidence Ruler, attendance logs and client database. In respect of third parties i.e., facilitators, therapists, the information provided in the Third Party Provider Course Facilitator/Therapist Agreement will be retained. Wherever possible, all information is to be held electronically (or transferred to an electronic format). Any information held on computer is to be protected by password and any information held on paper is to be kept in a locked cabinet or suitably anonymised.

Requirements and Retention

• WSS will not keep information on clients for any longer than is necessary. Records for discharged clients will be retained for seven years and then destroyed.

• It is the responsibility of each Facilitator/Therapist to hold and store their own professional session notes securely. The Third Party Provider Course Facilitator/ Therapist Agreement covers this issue in more detail.

Subject Access

WSS will respond to individual requests for access to their held personal information or notices in accordance with the GDPR and within 28 days.

Policy Review Date: This policy will be reviewed every three years or earlier if legislation

Under this legislation you have the right to:

• Be informed about the collection and use of your personal data
• Access the data held (a copy of your data will be provided on request)
• Have any inaccuracies in your data corrected
• Request your details be deleted from our records
• Request that the use of your personal data is restricted You have the right to object to the use of your personal data at any time.

If you wish to exercise any of the rights outlined above please contact

14 May 2018