A SHORTish GDPR implementation checklist, for health and wellbeing practitioners and therapists

I find it all very confusing. Just when I’ve spent a few hours figuring something out and deciding to set something in place, I then hear from someone else that we don’t have to set that thing in place. There’s reams of info, with clauses about this and that and the other.

So I reckonreduce your stress and prevent pulling out your hair, put a whole bunch of stuff in place, cover your back, then you don’t have to worry about anything.

I’ve made this list as concise as possible, and here is another list, which you really need to read as well, as it considers other elements of GDPR.


Don’t believe everything I say. However, if you implement my suggestions, you can save yourself a lot of time and energy AND play it safe. You might not need to do everything on this list and my previous list, however I figure, if you do all of this, then you can say you are offering best practice for everything.

There is so much to read and lots of conflicting advice, so I hope I’m interpreting it all correctly.

The 3 blog posts I’ve written are my interpretation and what I believe is best practice to get GDPR ready.

Get informed through other channels and do let me know if you find conflicting advice. 

Continue reading >

GDPR Opt-In advice for complementary therapists / health and wellbeing practitioners

GDPR complementary therapist opt-in and soft opt-inIn my previous post you can read about GDPR and what action you can take to make sure you are adhering to the regulations.

However, I felt we needed a bit more clarity on the “must clients opt-in” question.

Ever heard of a “soft opt-in”?

Well, now you have. The information below will help you tremendously to understand what you need to do around getting clients, or potential clients, to opt-in.

Coupled with this advice, I recommend you do the right thing, an ethos my parents regularly instilled in me.

Continue reading >

Why is GDPR important to me (a health and wellbeing practitioner) and what action must I take?

Easy speak GDPR summary and solutions below for health and wellbeing practitioners

Don't sweat GDPR: The webmistress advises

Don’t freak out about GDPR, it’s actually quite simple! We are not experts on this subject, this is simply The Webmistress take on all of these GRPD changes.

I can’t include EVERYTHING in the list below, please read this checklist from the ICO and adhere to it.  There is another checklist here (a more recent blog post) you might want to look at.

As a wellbeing practitioner you need to be exceptionally careful AND MOST IMPORTANTLY, TRANSPARENT, about the information you hold about a client:

  1. You must have permission to hold client’s personal information (read the CONSENT section of this pdf) and you must record when and how you got consent, and exactly what it covers
  2. You must tell client’s how you are going to use their information and specify methods of communication (e.g. by email, newsletter, text, phone, call, recorded call, post)
  3. On a signup/contact form on your website, depending on how you are managing other signups (e.g newsletter signups), there might not need to be an opt-in tick box.  However, you do need to offer information about their data use (point 2 above) and instructions about how they can opt-out. Please read the next post about GDP opt-in advice
  4. If you previously have added people to a mailing list, WITH WHOM you have done ‘business’, you do not need to ask them to opt-in now. Please read the next post about GDP opt-in advice, though if you read number 1 above, you will see need to get consent to hold their info (if you have not previously done so)
  5. If you have not had an OPT-IN in place previously, and you have not “done any business with an individual”, you must delete their names from your mailing list and you CANNOT EMAIL THEM TO request they opt-in. However you might want to send an email to all your contacts updating them with relevant info
  6. You must tell them how long you will hold their data for (there are no rules about how long, so go with “as long as needed” and expand on what that might mean to you). Check with your governing body and insurance company about how long they required you to hold records
  7. You must store their details safely/securely – this means your phone and your computer should be password protected, keep your antivirus software up to date etc. And for paper records, you need a fireproof safe (EXAMPLE here). You might not need a fireproof safe, I’ve also heard that just something steel and lockable is ok. See the end of this article about reporting a data breach
  8. Make sure there is an easy/accessible way for your clients to update their info, request what information you hold on them, request their information to be deleted or make a complaint
  9. Register with the ICO (it’s only around £30 a year) and keep up to date with the law. The “Data Protection Act requires all businesses to register with the ICO”.  Take the test to see if your business needs to register…I’m sure you’ll find the answer to be YES

If you think I’ve missed anything of this list, please let me know.

Continue reading to find out what you need to put into action…

Continue reading >

Cookies notice and privacy policy

Cookies. What are they and why do I need a cookie notice?

Cookies?  No, not fortune cookies!

Photo of a fortune cookie with a fortune slip visible

Although tasty and often enlightening, these are not the cookies we are talking about…

If you have a website which uses software like WordPress, Joomla or Drupal you will need to display a cookie notice and link to a page with a Privacy Policy. You might even need the afore mentioned if you have any other type of site e.g. Weebly or Wix.

Cookies are tiny files created on your computer by your web browser.  They are used to store small bits of information to allow webpages to do more than just display pages.

An Example:

When you log into a website, your web browser will save a small file (cookie), containing an ID number,  to your computer.  When you then look at other pages on the same website, your web browser will look at this cookie, and pass the number back.   This allows the website to know that is it you browsing, so will show you pages that only you are allowed to see e.g Your account details.

Continue reading >

What is HTTPS and why does my site need it?

httpsWhen you open a web browser (e.g Chrome, Safari, Firefox) and to look at website, the browser is actually asking a webserver (a big computer) somewhere across the world, to send the pages of the website to your computer.  This conversation between your computer and server is handled by thousands of other computers and devices.

Think of this analogy; when you post a letter, is it handled by post office workers, driven around the country in Post Office vans, stored in sacks and pass through machines. Postal letters are protected by envelopes, and websites also need a type of envelope to provide security.

So, when we access a website, unless we take steps to protect the information we are requesting from, or sending through the site, the requests are potentially unprotected from naughty hackers who might intercept it, read it, potentially change, use it or sell it.

If a website is handling sensitive information such as personal details or credit card numbers, you can immediately see why this is a potential problem. A solution was therefore devised to protect the data.

Continue reading >

Don’t mention the P word!


Ooops, there… I said it!

Everyone is always banging on about productivity. I guess because it’s a big part of being effective in your business, and even, in life!

QuickBooks is sharing productivity tips through an article and graphic in honour of Work Wise Week.  So here are some of my own… a little blog about the P word.

For me, productivity starts the minute I wake up

The morning, before we start work, is the ‘mise en place‘ to our day. If we don’t start out right, with a bit of personal prep, the day could land in a big mess. Certainly, our coping skills are reduced if we are sluggish and still have yesterday’s stress wrapped up inside of us.

Some people call it ‘their morning ritual‘. Others, their morning routine.

Continue reading >

Win a 1 hour Support Session!

Happy new year! We are looking forward to supporting you and your business in 2017 and we wish you every success in all aspects of your life.

For a chance to win 1 hour session with me, please help me to understand your health and wellbeing market by completing a short survey about webinars. Webinars are seminars/workshops/online learning conducted over the Internet.

This survey should take less than 5 minutes to complete.

Win a 1 hour support session

You will be entered into a draw to win a 1 hour web presence support session with me.

Please note we will only use your email address for the purpose of contacting you, should you be the lucky winner!

The closing date is 28 February 2017.

Thank you for your time and feedback!


Continue reading >

Does your website need a cleanse?

I’m placing a bet on the fact that your website needs some attention. I know both of mine do!

There is a lot to consider when the new year comes around. And one of them could be setting yourself up a plan to attend to your website. Like body cleanses are “the thing” to do in January, why not do a website cleanse?

Or we can choose to not get caught up in the whole January thing and let leave this till February. Or even March.

Which ever you choose, RIGHT NOW, set a NON MOVABLE MEETING DATE with yourself to assess and cleanse your website.

  • Set aside 1 hour…that’s all!
  • Note down what you need to change.
  • Those changes can then take place throughout the year.

Now here is the key to change and cleansing…

I picked up this little beauty in a massage supervision session, from Nicola Damery, who is also one of my web clients.

It’s great to have goals. And after you have set them, you need micro-steps to help you achieve the goals.

For example:

Goal: Edit 4 pages of content on my site by the end of May

Microsteps: Schedule in 1 hour (non movable time) a month, for the next four months. Edit 1 page each session.

Micro-steps help things become more achievable

With the above example in mind, can you see how a task that actually seems like a lot of work, turns out to be 1 hour a week for 4 months? That’s really not a lot is it?

Continue reading >