As you are a member of the Institute of Sport and Remedial Massage, we are writing to advise you on how we will be handling your data to comply with the new General Data Protection Regulation (GDPR), and to make you aware that you too will need to comply with the legislation with regard to your own clients, and what this will entail.
New Data Protection Legislation is coming into force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR) is EU-wide legislation that is currently being enacted into UK law and will become the 2018 Data Protection Act.
This legislation will affect every business that handles personal data for clients, customers or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’.
The data we collect on you
The personal data we collect will include information relating to your name, address, date of birth, and wider contact details. We will also collect data relating to your training with us which may include information about any relevant health, disability or learning issues.
This data is shared with the individual school you have trained with (London School of Sports Massage, Oxford School of Sports Massage, Cambridge School of Sports Massage, Massage Training School, Active School of Complementary Therapy or School of Natural Therapy). We will only use your data for the purpose for which it was collected, to enable us to administer training and provide professional membership services.
We will retain your data for 7 years following the end of your training OR following lapsed membership of ISRM. If you wish to renew your membership after your data has been deleted the onus will be on you to provide evidence of your eligibility to renew. Y
have the right
You have the Individual Rights under the Data Protection Act 2018
You can exercise your Individual Rights at any time without charge. However, if your request is considered repetitive, unfounded or excessive, a reasonable administration fee can be charged.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data.
In regard to third parties
The data you collect on your clients
If you have clients whose personal data you collect and store you will need to ensure you comply with GDPR. To do this you must make available to them a notice that informs them about:
You must also inform them of their Individual Rights under the Data Protection Act 2018 (shown above).
Record Keeping and the GDPR
Personal data should not be kept for longer than is necessary. In the case of a client’s treatment notes, where claims for damages may occur some time after an event, we recommend that records should be kept for 7 years after the last treatment. In the case of minors, records should be kept for 7 years after they reach the age of 18.