A SHORTish GDPR implementation checklist, for health and wellbeing practitioners and therapists

A SHORTish GDPR implementation checklist, for health and wellbeing practitioners and therapists

I find it all very confusing. Just when I’ve spent a few hours figuring something out and deciding to set something in place, I then hear from someone else that we don’t have to set that thing in place. There’s reams of info, with clauses about this and that and the other.

So I reckonreduce your stress and prevent pulling out your hair, put a whole bunch of stuff in place, cover your back, then you don’t have to worry about anything.

I’ve made this list as concise as possible, and here is another list, which you really need to read as well, as it considers other elements of GDPR.


Don’t believe everything I say. However, if you implement my suggestions, you can save yourself a lot of time and energy AND play it safe. You might not need to do everything on this list and my previous list, however I figure, if you do all of this, then you can say you are offering best practice for everything.

There is so much to read and lots of conflicting advice, so I hope I’m interpreting it all correctly.

The 3 blog posts I’ve written are my interpretation and what I believe is best practice to get GDPR ready.

Get informed through other channels and do let me know if you find conflicting advice. 

GDPR Opt-In advice for complementary therapists / health and wellbeing practitioners

GDPR Opt-In advice for complementary therapists / health and wellbeing practitioners

GDPR complementary therapist opt-in and soft opt-inIn my previous post you can read about GDPR and what action you can take to make sure you are adhering to the regulations.

However, I felt we needed a bit more clarity on the “must clients opt-in” question.

Ever heard of a “soft opt-in”?

Well, now you have. The information below will help you tremendously to understand what you need to do around getting clients, or potential clients, to opt-in.

Coupled with this advice, I recommend you do the right thing, an ethos my parents regularly instilled in me.

Why is GDPR important to me (a health and wellbeing practitioner) and what action must I take?

Why is GDPR important to me (a health and wellbeing practitioner) and what action must I take?

Easy speak GDPR summary and solutions below for health and wellbeing practitioners

Don't sweat GDPR: The webmistress advises

Don’t freak out about GDPR, it’s actually quite simple! We are not experts on this subject, this is simply The Webmistress take on all of these GRPD changes.

I can’t include EVERYTHING in the list below, please read this checklist from the ICO and adhere to it.  There is another checklist here (a more recent blog post) you might want to look at.

As a wellbeing practitioner you need to be exceptionally careful AND MOST IMPORTANTLY, TRANSPARENT, about the information you hold about a client:

  1. You must have permission to hold client’s personal information (read the CONSENT section of this pdf) and you must record when and how you got consent, and exactly what it covers
  2. You must tell client’s how you are going to use their information and specify methods of communication (e.g. by email, newsletter, text, phone, call, recorded call, post)
  3. On a signup/contact form on your website, depending on how you are managing other signups (e.g newsletter signups), there might not need to be an opt-in tick box.  However, you do need to offer information about their data use (point 2 above) and instructions about how they can opt-out. Please read the next post about GDP opt-in advice
  4. If you previously have added people to a mailing list, WITH WHOM you have done ‘business’, you do not need to ask them to opt-in now. Please read the next post about GDP opt-in advice, though if you read number 1 above, you will see need to get consent to hold their info (if you have not previously done so)
  5. If you have not had an OPT-IN in place previously, and you have not “done any business with an individual”, you must delete their names from your mailing list and you CANNOT EMAIL THEM TO request they opt-in. However you might want to send an email to all your contacts updating them with relevant info
  6. You must tell them how long you will hold their data for (there are no rules about how long, so go with “as long as needed” and expand on what that might mean to you). Check with your governing body and insurance company about how long they required you to hold records
  7. You must store their details safely/securely – this means your phone and your computer should be password protected, keep your antivirus software up to date etc. And for paper records, you need a fireproof safe (EXAMPLE here). You might not need a fireproof safe, I’ve also heard that just something steel and lockable is ok. See the end of this article about reporting a data breach
  8. Make sure there is an easy/accessible way for your clients to update their info, request what information you hold on them, request their information to be deleted or make a complaint
  9. Register with the ICO (it’s only around £30 a year) and keep up to date with the law. The “Data Protection Act requires all businesses to register with the ICO”.  Take the test to see if your business needs to register…I’m sure you’ll find the answer to be YES

If you think I’ve missed anything of this list, please let me know.

Continue reading to find out what you need to put into action…

Cookies notice and privacy policy

Cookies. What are they and why do I need a cookie notice?

Cookies?  No, not fortune cookies!

Photo of a fortune cookie with a fortune slip visible

Although tasty and often enlightening, these are not the cookies we are talking about…

If you have a website which uses software like WordPress, Joomla or Drupal you will need to display a cookie notice and link to a page with a Privacy Policy. You might even need the afore mentioned if you have any other type of site e.g. Weebly or Wix.

Cookies are tiny files created on your computer by your web browser.  They are used to store small bits of information to allow webpages to do more than just display pages.

An Example:

When you log into a website, your web browser will save a small file (cookie), containing an ID number,  to your computer.  When you then look at other pages on the same website, your web browser will look at this cookie, and pass the number back.   This allows the website to know that is it you browsing, so will show you pages that only you are allowed to see e.g Your account details.

Does your website need a cleanse?

I’m placing a bet on the fact that your website needs some attention. I know both of mine do!

There is a lot to consider when the new year comes around. And one of them could be setting yourself up a plan to attend to your website. Like body cleanses are “the thing” to do in January, why not do a website cleanse?

Or we can choose to not get caught up in the whole January thing and let leave this till February. Or even March.

Which ever you choose, RIGHT NOW, set a NON MOVABLE MEETING DATE with yourself to assess and cleanse your website.

  • Set aside 1 hour…that’s all!
  • Note down what you need to change.
  • Those changes can then take place throughout the year.

Now here is the key to change and cleansing…

I picked up this little beauty in a massage supervision session, from Nicola Damery, who is also one of my web clients.

It’s great to have goals. And after you have set them, you need micro-steps to help you achieve the goals.

For example:

Goal: Edit 4 pages of content on my site by the end of May

Microsteps: Schedule in 1 hour (non movable time) a month, for the next four months. Edit 1 page each session.

Micro-steps help things become more achievable

With the above example in mind, can you see how a task that actually seems like a lot of work, turns out to be 1 hour a week for 4 months? That’s really not a lot is it?

Your homepage content

The homepage is the first page of your website.

Contrary to the old saying, “don’t judge a book by its cover”, Google (and other search engines) do indeed judge your website by it’s cover; the homepage.bindi

“But I want my homepage to be clean and sparse” I hear you say. Yes, that’s a lovely idea; clean design is always desirable. Clean design gets the thumbs up. Minimal words, thumbs down.

Why is it a bad idea to have a minimal words on your site?

Feel better about blogging – get a blogging buddy

Blogging excitementOMG, Not the ‘B word’ I hear you say!

Yes, the B word!

I know you feel it is a nightmare. I know you question whether or not you have to do. And I certainly know you don’t want to blog, let alone say the B word.

You wonder what on earth you’ll blog about. You wonder who on earth will read it.

Quite frankly, it’s all too much to think about, let alone set into action.

As a small business owner you do really need to be blogging. And there are many reasons why, but I’ll save that for another blog post.

Let’s just say for now, you accept you need to blog. Now its time to get jiggy with it. It’s time to turn that blog frown upside down.

Here are 3 blogging tips for you:

Why should I get a professional to create my website?

So, you might be sitting there thinking…”I know computers pretty well and WordPress is free…surely I can make my own site?”

The answer…yes of course you can (you can do anything!) but can you imagine how long and painstaking it will be? You’re on a steep learning curve. You’re learning how to build a site for a one-off?!

Doesn’t it make much more sense to invest your time in what you specialise in and to pay a website expert like the The Webmistress, who has loads of experience in creating professional websites.

Will prospective clients be able to find you? Will they like what they see?

So, you’ve made your own website, or you’re thinking about doing that. Are prospective clients going to be able to find you? Is the content written with (jargon alert!) SEO in mind? Does it have correct keywords and keywords phrases, pages titles and page descriptions? Maybe your wording, your pictures or the way your site looks won’t appeal or attract the correct type of clients or any clients at all.

How do you know you are you going to put the information in the correct place, under the correct headings? Maybe you try use funky words for your sections, to be different. That will drive people away from your site as they won’t be able to find the information in the places they are looking for it. Do you know where information should go and how to structure your site so people can find it easily and won’t just get annoyed and leave you site?

Webmistress WordPress Blog Fiesta, Bath 11 April 2012

wordPressPartyIt’s Blog Fiesta time!

Date: Wednesday 11 April 2012
Time: 7.15pm (for 7.30pm) – 9.30pm
Place: The Practice Rooms, 26 Upper Borough Walls, Bath. BA1 1RH
Cost: free
RSVP: numbers are limited so please reserve your place ASAP, by 4 April

Please email us to be kept informed &
to reserve your place.

We are delighted to announce our 2nd Webmistress WordPress Event to help you stay engaged with your website.

This time the subject is Blogging. Everyone is welcome, whether you’re already our client or this is the first time you’ve heard of The Webmistress.

You may have heard the B-word and wondered what on earth it means. Or perhaps you’ve had your website built by us and we’ve encouraged you to blog. Or maybe you’re excited at the prospect of keeping visitors to your site up-to-date with your latest news and can’t wait to get blogging.

At this evening event, we’ll be introducing the What, Why and How of Blogging with WordPress. We’ll give you some tips get you started. Our special guest is Bo Novak, one of our super-blogging clients.

It’s going to be a sociable evening of fun and learning with an opportunity to ask questions and mingle with others from the local holistic community.

We’d love to see you there!

Some words from our Special Guest, Bo Novak – Women’s Health Blogger


Webmistress WordPress Party

wordPressPartyWe are holding a Webmistress WordPress Party to help you stay engaged with your website.

It’s going to be a social evening of fun and learning with an opportunity to mingle with other local therapists and practitioners. We’d love to see you there!

We are delighted to welcome special guests Imogen and Catherine from social-i, who will be there to answer your questions on social media.

Programme for the evening:
6.30pm – 7.30pm: Question and answer session
7.30pm – 9pm: Freestyle lessons & Social time. We’ll be making our rounds to help you make basic changes on your site and to answer your ‘HOW DO I?’ questions.