A SHORTish GDPR implementation checklist, for health and wellbeing practitioners and therapists

I find it all very confusing. Just when I’ve spent a few hours figuring something out and deciding to set something in place, I then hear from someone else that we don’t have to set that thing in place. There’s reams of info, with clauses about this and that and the other.

So I reckonreduce your stress and prevent pulling out your hair, put a whole bunch of stuff in place, cover your back, then you don’t have to worry about anything.

I’ve made this list as concise as possible, and here is another list, which you really need to read as well, as it considers other elements of GDPR.

Don’t believe everything I say. However, if you implement my suggestions, you can save yourself a lot of time and energy AND play it safe. You might not need to do everything on this list and my previous list, however I figure, if you do all of this, then you can say you are offering best practice for everything.

There is so much to read and lots of conflicting advice, so I hope I’m interpreting it all correctly.

The 3 blog posts I’ve written are my interpretation and what I believe is best practice to get GDPR ready.

Get informed through other channels and do let me know if you find conflicting advice. 

GDPR Opt-In advice for complementary therapists / health and wellbeing practitioners

In my previous post you can read about GDPR and what action you can take to make sure you are adhering to the regulations.

However, I felt we needed a bit more clarity on the “must clients opt-in” question.

Ever heard of a “soft opt-in”?

Well, now you have. The information below will help you tremendously to understand what you need to do around getting clients, or potential clients, to opt-in.

Coupled with this advice, I recommend you do the right thing, an ethos my parents regularly instilled in me.

Why is GDPR important to me (a health and wellbeing practitioner) and what action must I take?

Easy speak GDPR summary and solutions below for health and wellbeing practitioners

Don’t freak out about GDPR, it’s actually quite simple! We are not experts on this subject, this is simply The Webmistress take on all of these GRPD changes.

I can’t include EVERYTHING in the list below, please read this checklist from the ICO and adhere to it.  There is another checklist here (a more recent blog post) you might want to look at.

As a wellbeing practitioner you need to be exceptionally careful AND MOST IMPORTANTLY, TRANSPARENT, about the information you hold about a client:

  1. You must have permission to hold client’s personal information (read the CONSENT section of this pdf) and you must record when and how you got consent, and exactly what it covers
  2. You must tell client’s how you are going to use their information and specify methods of communication (e.g. by email, newsletter, text, phone, call, recorded call, post)
  3. On a signup/contact form on your website, depending on how you are managing other signups (e.g newsletter signups), there might not need to be an opt-in tick box.  However, you do need to offer information about their data use (point 2 above) and instructions about how they can opt-out. Please read the next post about GDP opt-in advice
  4. If you previously have added people to a mailing list, WITH WHOM you have done ‘business’, you do not need to ask them to opt-in now. Please read the next post about GDP opt-in advice, though if you read number 1 above, you will see need to get consent to hold their info (if you have not previously done so)
  5. If you have not had an OPT-IN in place previously, and you have not “done any business with an individual”, you must delete their names from your mailing list and you CANNOT EMAIL THEM TO request they opt-in. However you might want to send an email to all your contacts updating them with relevant info
  6. You must tell them how long you will hold their data for (there are no rules about how long, so go with “as long as needed” and expand on what that might mean to you). Check with your governing body and insurance company about how long they required you to hold records
  7. You must store their details safely/securely – this means your phone and your computer should be password protected, keep your antivirus software up to date etc. And for paper records, you need a fireproof safe (EXAMPLE here). You might not need a fireproof safe, I’ve also heard that just something steel and lockable is ok. See the end of this article about reporting a data breach
  8. Make sure there is an easy/accessible way for your clients to update their info, request what information you hold on them, request their information to be deleted or make a complaint
  9. Register with the ICO (it’s only around £30 a year) and keep up to date with the law. The “Data Protection Act requires all businesses to register with the ICO”.  Take the test to see if your business needs to register…I’m sure you’ll find the answer to be YES

If you think I’ve missed anything of this list, please let me know.

Continue reading to find out what you need to put into action…

Cookies notice and privacy policy

Cookies. What are they and why do I need a cookie notice?

Cookies?  No, not fortune cookies!

Although tasty and often enlightening, these are not the cookies we are talking about…

If you have a website which uses software like WordPress, Joomla or Drupal you will need to display a cookie notice and link to a page with a Privacy Policy. You might even need the afore mentioned if you have any other type of site e.g. Weebly or Wix.

Cookies are tiny files created on your computer by your web browser.  They are used to store small bits of information to allow webpages to do more than just display pages.

An Example:

When you log into a website, your web browser will save a small file (cookie), containing an ID number,  to your computer.  When you then look at other pages on the same website, your web browser will look at this cookie, and pass the number back.   This allows the website to know that is it you browsing, so will show you pages that only you are allowed to see e.g Your account details.

Any website that does any customisation of its content based on any preferences you’ve saved, or has specific log in only sections, has to use cookies.   We’ve come to rely on a lot of these features whenever we use the internet, so you can see why they are important.

Does your website need a cleanse?

I’m placing a bet on the fact that your website needs some attention. I know both of mine do!

There is a lot to consider when the new year comes around. And one of them could be setting yourself up a plan to attend to your website. Like body cleanses are “the thing” to do in January, why not do a website cleanse?

Or we can choose to not get caught up in the whole January thing and let leave this till February. Or even March.

Which ever you choose, RIGHT NOW, set a NON MOVABLE MEETING DATE with yourself to assess and cleanse your website.

  • Set aside 1 hour…that’s all!
  • Note down what you need to change.
  • Those changes can then take place throughout the year.

Now here is the key to change and cleansing…

I picked up this little beauty in a massage supervision session, from Nicola Damery, who is also one of my web clients.

It’s great to have goals. And after you have set them, you need micro-steps to help you achieve the goals.

For example:

Goal: Edit 4 pages of content on my site by the end of May

Microsteps: Schedule in 1 hour (non movable time) a month, for the next four months. Edit 1 page each session.

Micro-steps help things become more achievable

With the above example in mind, can you see how a task that actually seems like a lot of work, turns out to be 1 hour a week for 4 months? That’s really not a lot is it?

Your homepage content

The homepage is the first page of your website.

Contrary to the old saying, “don’t judge a book by its cover”, Google (and other search engines) do indeed judge your website by it’s cover; the homepage.

“But I want my homepage to be clean and sparse” I hear you say. Yes, that’s a lovely idea; clean design is always desirable. Clean design gets the thumbs up. Minimal words, thumbs down.

Why is it a bad idea to have a minimal words on your site?

Feel better about blogging – get a blogging buddy

OMG, Not the ‘B word’ I hear you say!

Yes, the B word!

I know you feel it is a nightmare. I know you question whether or not you have to do. And I certainly know you don’t want to blog, let alone say the B word.

You wonder what on earth you’ll blog about. You wonder who on earth will read it.

Quite frankly, it’s all too much to think about, let alone set into action.

As a small business owner you do really need to be blogging. And there are many reasons why, but I’ll save that for another blog post.

Let’s just say for now, you accept you need to blog. Now its time to get jiggy with it. It’s time to turn that blog frown upside down.

Here are 3 blogging tips for you:

Why should I get a professional to create my website?

So, you might be sitting there thinking…”I know computers pretty well and WordPress is free…surely I can make my own site?”

The answer…yes of course you can (you can do anything!) but can you imagine how long and painstaking it will be? You’re on a steep learning curve. You’re learning how to build a site for a one-off?!

Doesn’t it make much more sense to invest your time in what you specialise in and to pay a website expert like the The Webmistress, who has loads of experience in creating professional websites.

Will prospective clients be able to find you? Will they like what they see?

So, you’ve made your own website, or you’re thinking about doing that. Are prospective clients going to be able to find you? Is the content written with (jargon alert!) SEO in mind? Does it have correct keywords and keywords phrases, pages titles and page descriptions? Maybe your wording, your pictures or the way your site looks won’t appeal or attract the correct type of clients or any clients at all.

Choosing the right domain name

You’re excited about having your first website and you’ve called in The Webmistress to create a website for you. But what are you going to call it? How do you choose your domain name?

Your domain name is part of your brand so it’s worth giving it some thought. It’s like your name – one of the ways you announce yourself to prospective clients.

 As part of your verbal calling card it needs to glide smoothly off your tongue when you’re meeting potential clients.

Let it stand proud, and be be easy to pronounce.