GDPR Policy – Updated August 2025

Dr Danielle Kerley - Clinical Psychologist

Policy covering data held by Dr Danielle Kerley

1.     What is GDPR?

GDPR is the General Data Protection Regulation that all professionals have to comply with. GDPR outlines how personal data is collected, shared or stored.

Dr Danielle Kerley keeps the following personal data

•        Name

•        Date of Birth

•        Address

•        Next of Kin details (including name & contact details)

•        GP details

•        Email/Telephone/Contact Details

•        Formal assessments (questionnaires, cognitive assessments)

•        Previous reports disclosed to us with your consent

•        Therapy summaries of sessions

•        Medical or mental health diagnoses

•        Family History

•        Medical information given during sessions

 Data is only collected and stored that is essential for our work (see below). If you have any queries about data that is being collected please ask.

2.     Why do we keep this data?  

We need to keep personal data to ensure we understand you and your situation, so we can support you effectively in our sessions, for safeguarding, to ensure we can effectively write reports or liaise with professionals as required (with your consent or within confidentiality guidelines) and to ensure you have the support you need. We also require data for invoicing purposes.

3.     Who has access to data and how may data be shared?

Data will be only be shared with your consent or knowledge (as per confidentiality guidance). Data may be shared via email, text or post as required. Data may be shared via email by password-protecting documents containing your personal details.

All Clinical Psychologists are required to seek clinical supervision for their work throughout their working life. This requires discussing aspects of their clinical work (including your data as required) with their clinical supervisor. Both supervisor and supervisee may keep supervision notes. They are typically anonymised and are stored securely and confidentially as outlined below. All Clinical Supervisors will be required to be GDPR compliant.

Admin support may be provided to process invoices, manage referral information and liaise with insurance companies, as required. Admin support may be requested via Empower Psychology. All employees of Empower Psychology adhere to strict confidentiality policies and are also GDPR compliant.

 

 

4.     How long do we keep this data?

We are required to keep data securely for 7 years (in line with current professional guidelines). Your data may be kept in one/all of the following: - Locked filing cabinet - Secure Computer (password protected) - Secure Email System (GDPR Compliant) - Secure Cloud Based Online Storage (GDPR Compliant)

5.     Can I request for data to be destroyed?

No. We are legally obliged to hold data securely for 7 years (as per current guidelines). After this time data will be destroyed. Data will never be shared without your consent or knowledge.

6.     Confidentiality/Privacy Notice

Your data will be kept confidential, and your consent will be requested before sharing data. The only exception to this rule is that data may be shared without consent if required for safeguarding, or if there is a risk of harm to self or others. This is in line with our professional duties and responsibilities.

 

PLEASE NOTE: ACCEPTANCE OF A SESSION WITH DR DANIELLE KERLEY CONSTITUTES AGREEMENT TO THE ABOVE.