Stay GDPR compliant with Kiku
As therapists, it's essential that we make sure we're running our services in accordance with GDPR to protect our clients' privacy. Finding industry-specific guidance on this, however, can be a challenge.
Here, we've brought together all the tools you'll need to keep your data protection processes on point.
What client data you hold
What you do with this data
How you keep it secure
What you do with it after therapy comes to an end
Add your policy to your website and / or send a copy to clients when they make their first booking.
Obtain client consent
When a new client joins your service, you'll need to obtain their consent to store and process their personal data.
As part of this process you'll need to make them aware of the information that you'll hold, how you'll store it and what their rights to this data are under GDPR.
When clients book in with you using your Kiku online booking system, we'll ask them to give their consent at the point of booking, or you can send an e-consent request to your clients yourself, directly from your Client Database.
Alternatively, if you'd prefer to take written consent you can use the template we have for you here.
Do a data audit
To be fully GDPR compliant we have to a) know what client data we hold and b) be able to justify why we collect and store this data.
It's good practice to conduct a data audit to list the type of data your service collects, why, how it's stored and how long for. This will help you to get clear on what the data protection rules of your service should be and will serve as evidence of sound data protection practices, should this ever come under scrutiny.
Complete our data audit download to record the data you process, your reasons for doing so, how you store the data and how long for.
Be SAR ready
Your clients have the right to request to view or amend the data that you hold on them, and to ask that you delete all data. When they make such a request under GDPR, this is termed a "Subject Access Request" or SAR.
It is good practice to ask clients to sign a Subject Access Request form that you'll keep for your records.